}
  }

  companion object {
    /**
     * The cipher suite used during TLS connection fallback to indicate a fallback. See
     * https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
     */
    const val TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"
  }

- **Encryption Context**: Per-session encryption state management
- **Key Derivation**: SMB3 KDF implementation with dialect-specific parameters
- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features

## Before Upgrading

* If you need to downgrade from 1.10 to 1.9.x, downgrade to v1.9.6 to ensure PV and PVC objects can be deleted properly.

            assertEquals("package", packageExecution.child("phase").orElse(null).textContent());
        }
    }

    @Nested
    @DisplayName("Downgrade Handling")
    class DowngradeHandlingTests {

        @Test
        @DisplayName("should fail with error when attempting downgrade from 4.1.0 to 4.0.0")
        void shouldFailWhenAttemptingDowngrade() throws Exception {
            String pomXml = """

import jcifs.internal.util.SMBUtil;

/**
 * SMB2 Pre-authentication Integrity Negotiate Context.
 *
 * This negotiate context is used in SMB 3.1.1 to establish
 * pre-authentication integrity protection against downgrade attacks.
 *
 * @author mbechler
 */
public class PreauthIntegrityNegotiateContext implements NegotiateContextRequest, NegotiateContextResponse {

    /**
     * Context type
     */

	cfg.HSTSPreload = hstsPreload

	referrerPolicy := env.Get(EnvBrowserReferrerPolicy, kvs.GetWithDefault(browserReferrerPolicy, DefaultKVS))
	switch referrerPolicy {
	case "no-referrer", "no-referrer-when-downgrade", "origin", "origin-when-cross-origin", "same-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url":
		cfg.ReferrerPolicy = referrerPolicy
	default:

  fun wrongConnectionHeader() {
    webServer.enqueue(
      MockResponse
        .Builder()
        .code(101)
        .setHeader("Upgrade", "websocket")
        .setHeader("Connection", "Downgrade")
        .setHeader("Sec-WebSocket-Accept", "ujmZX4KXZqjwy6vi1aQFH5p4Ygk=")
        .build(),
    )
    webServer.enqueue(
      MockResponse
        .Builder()
        .onRequestStart(CloseSocket())

        }
        return model;
    }

    static void warnNotDowngraded(MavenProject project) {
        LOGGER.warn("The consumer POM for " + project.getId() + " cannot be downgraded to 4.0.0. "
                + "If you intent your build to be consumed with Maven 3 projects, you need to remove "
                + "the features that request a newer model version.  If you're fine with having the "

- [ ] Implement lease key generation and management
- [ ] Add lease context to Create request/response
- [ ] Implement lease break notification handling
- [ ] Modify SmbFile to support lease-based caching
- [ ] Add lease upgrade/downgrade logic
- [ ] Implement lease epoch tracking for v2 leases

#### 1.3 Integration Points
- Modify `Smb2CreateRequest` to include lease contexts
- Update `SmbFile` caching logic to use leases

* Fix GCE etcd scripts to pass in all required parameters for the etcd migration utility to correctly perform HA upgrades and downgrades ([#61956](https://github.com/kubernetes/kubernetes/pull/61956), [@jpbetz](https://github.com/jpbetz))