try (Response response = client.newCall(request).execute()) {
      assertTrue(response.code() == 200 || response.code() == 404);
      assertEquals(Protocol.HTTP_2, response.protocol());

      for (Certificate c: response.handshake().peerCertificates()) {
        X509Certificate x = (X509Certificate) c;
        System.out.println(x.getSubjectDN());
      }
    }
  }

        .build();

    Call call = client.newCall(new Request.Builder()
        .url(server.url("/"))
        .build());
    Response response = call.execute();
    System.out.println(response.handshake().tlsVersion());
  }

  public static void main(String... args) throws Exception {
    new HttpsServer().run();
  }

    override val timestampNs: Long,
    override val call: Call,
  ) : CallEvent()

  data class SecureConnectEnd(
    override val timestampNs: Long,
    override val call: Call,
    val handshake: Handshake?,
  ) : CallEvent() {
    override fun closes(event: CallEvent): Boolean = event is SecureConnectStart && call == event.call
  }

  data class ConnectionAcquired(
    override val timestampNs: Long,

<img src="/img/deployment/https/https01.svg">

### TLS-Handshake-Start

Der Browser kommuniziert dann mit dieser IP-Adresse über **Port 443** (den HTTPS-Port).

        .build();

    try (Response response = client.newCall(request).execute()) {
      if (!response.isSuccessful()) throw new IOException("Unexpected code " + response);

      for (Certificate certificate : response.handshake().peerCertificates()) {
        System.out.println(CertificatePinner.pin(certificate));
      }
    }
  }

  public static void main(String... args) throws Exception {
    new CertificatePinning().run();
  }

    val request = Request.Builder().url("https://mozilla.org/robots.txt").build()

    client.newCall(request).execute().use {
      assertThat(it.protocol).isEqualTo(Protocol.HTTP_2)
      assertThat(it.handshake!!.tlsVersion).isEqualTo(TlsVersion.TLS_1_3)
    }
  }

The DNS servers would tell the browser to use some specific **IP address**. That would be the public IP address used by your server, that you configured in the DNS servers.

<img src="/img/deployment/https/https01.svg">

### TLS Handshake Start

The browser would then communicate with that IP address on **port 443** (the HTTPS port).

  DISCONNECT_AT_END,
  UPGRADE_TO_SSL_AT_END,
  DISCONNECT_AT_START,
  DISCONNECT_AFTER_REQUEST,
  DISCONNECT_DURING_REQUEST_BODY,
  DISCONNECT_DURING_RESPONSE_BODY,
  DO_NOT_READ_REQUEST_BODY,
  FAIL_HANDSHAKE,
  SHUTDOWN_INPUT_AT_END,
  SHUTDOWN_OUTPUT_AT_END,
  STALL_SOCKET_AT_START,
  NO_RESPONSE,
  RESET_STREAM_AT_START,
  EXPECT_CONTINUE,
  CONTINUE_ALWAYS,

        .build()

    client.newCall(request).execute().use { response ->
      if (!response.isSuccessful) throw IOException("Unexpected code $response")

      for (certificate in response.handshake!!.peerCertificates) {
        println(CertificatePinner.pin(certificate))
      }
    }
  }
}

fun main() {
  CertificatePinning().run()

 * certificate is signed by the certificate that follows, and the last certificate is a trusted CA
 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(