{
  "url": "ws://127.0.0.1:9099",
  "outdir": "./target/fuzzingserver-report",
  "cases": ["*"],
  "exclude-cases": [
    "6.1.1",
    "6.1.2",
    "6.1.3",
    "6.2.1",
    "6.2.2",
    "6.2.3",
    "6.2.4",
    "6.3.1",
    "6.3.2",
    "6.4.1",
    "6.4.2",
    "6.4.3",
    "6.4.4",
    "6.5.1",
    "6.5.2",
    "6.5.3",
    "6.5.4",
    "6.5.5",
    "6.6.1",
    "6.6.2",
    "6.6.3",

=====

OkHttp attempts to balance two competing concerns:

 * **Connectivity** to as many hosts as possible. That includes advanced hosts that run the latest versions of [boringssl](https://boringssl.googlesource.com/boringssl/) and less out of date hosts running older versions of [OpenSSL](https://www.openssl.org/).
 * **Security** of the connection. This includes verification of the remote webserver with certificates and the privacy of data exchanged with strong ciphers.

 * server's hostname and port. If an explicit proxy is requested (or [no proxy][Proxy.NO_PROXY] is
 * explicitly requested), this also includes that proxy information. For secure connections the
 * address also includes the SSL socket factory, hostname verifier, and certificate pinner.
 *
 * HTTP requests that share the same [Address] may also share the same [Connection].
 */
class Address(

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.tls.internal.der

/**
 * The first two bytes of each value is a header that includes its tag (field ID) and length.
 */
internal data class DerHeader(
  /**
   * Namespace of the tag.
   *
   * This value is encoded in bits 7 and 8 of the first byte of each value.
   *
   * ```

      direction,
      streamId,
      length,
      formattedType,
      formattedFlags,
    )
  }

  /**
   * Returns a human-readable representation of a `WINDOW_UPDATE` frame. This frame includes the
   * window size increment instead of flags.
   */
  fun frameLogWindowUpdate(
    inbound: Boolean,
    streamId: Int,
    length: Int,
    windowSizeIncrement: Long,
  ): String {

   * one of those methods.
   */
  open fun responseFailed(
    call: Call,
    ioe: IOException,
  ) {
  }

  /**
   * Invoked immediately after a call has completely ended.  This includes delayed consumption
   * of response body by the caller.
   *
   * This method is always invoked after [callStart].
   */
  open fun callEnd(call: Call) {
  }

  /**

Cipher suites that are only available with TLSv1.3.

<a name="http2_naughty"></a>
#### ² HTTP/2 Cipher Suite Denylist

Cipher suites that are [discouraged for use][http2_denylist] with HTTP/2. OkHttp includes them because better suites are not commonly available. For example, none of the better cipher suites listed above shipped with Android 4.4 or Java 7.

[OkHttp30]: https://square.github.io/okhttp/changelog_3x/#version-300

   */
  HTTP_1_0("http/1.0"),

  /**
   * A plaintext framing that includes persistent connections.
   *
   * This version of OkHttp implements [RFC 7230][rfc_7230], and tracks revisions to that spec.
   *
   * [rfc_7230]: https://tools.ietf.org/html/rfc7230
   */
  HTTP_1_1("http/1.1"),

  /**
   * Chromium's binary-framed protocol that includes header compression, multiplexing multiple

        .commonName("root")
        .build()

    // Add a good intermediate CA, and have that issue a good certificate to localhost. Prepare an
    // SSL context for an HTTP client under attack. It includes the trusted CA and a pinned
    // certificate.
    val goodIntermediateCa =
      HeldCertificate.Builder()
        .signedBy(rootCa)
        .certificateAuthority(0)
        .serialNumber(2L)

In these examples we've prearranged which root certificates to trust. But for regular HTTPS on the
Internet this set of trusted root certificates is usually provided by default by the host platform.
Such a set typically includes many root certificates from well-known certificate authorities like
Entrust and Verisign.

This is the behavior you'll get with your OkHttpClient if you don't specifically configure