override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      try {
        // Enable session tickets.
        setUseSessionTickets.invoke(sslSocket, true)

        // Assume platform support on 24+

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"context"
	"crypto/tls"
	"sync/atomic"

	"github.com/minio/minio/internal/crypto"
	"github.com/minio/minio/internal/grid"
	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/rest"
)

import kotlin.test.assertFailsWith
import okhttp3.tls.internal.der.CertificateAdapters.generalNameDnsName
import okhttp3.tls.internal.der.CertificateAdapters.generalNameIpAddress
import okhttp3.tls.internal.der.ObjectIdentifiers.BASIC_CONSTRAINTS
import okhttp3.tls.internal.der.ObjectIdentifiers.COMMON_NAME
import okhttp3.tls.internal.der.ObjectIdentifiers.SHA256_WITH_RSA_ENCRYPTION
import okhttp3.tls.internal.der.ObjectIdentifiers.SUBJECT_ALTERNATIVE_NAME

 *  Fix: Use literal IP addresses directly rather than passing them to `DnsOverHttps`.
 *  Fix: Embed Proguard rules to prevent warnings from tools like DexGuard and R8. These warnings
    were triggered by OkHttp’s feature detection for TLS packages like `org.conscrypt`,
    `org.bouncycastle`, and `org.openjsse`.
 *  Upgrade: Explicitly depend on `kotlin-stdlib-jdk8`. This fixes a problem with dependency

    // System.setProperty("jdk.tls.client.enableSessionTicketExtension", "true")
    // System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true")

    platform.assumeJdk9()
  }

  @Test
  fun testTlsv13Works() {
    // https://docs.oracle.com/en/java/javase/14/security/java-secure-socket-extension-jsse-reference-guide.html
    // TODO test jdk.tls.client.enableSessionTicketExtension

 */
package okhttp3.recipes.kt

import java.io.IOException
import java.security.cert.X509Certificate
import okhttp3.OkHttpClient
import okhttp3.Request.Builder
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.decodeCertificatePem

class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view

		return
	}

	// We have to establish a TLS connection and the
	// client must provide exactly one client certificate.
	// Otherwise, we don't have a certificate to verify or
	// the policy lookup would ambiguous.
	if r.TLS == nil {
		writeSTSErrorResponse(ctx, w, ErrSTSInsecureConnection, errors.New("No TLS connection attempt"))
		return
	}

pkg compress/lzw, method (*Writer) Write([]uint8) (int, error)
pkg compress/lzw, type Reader struct
pkg compress/lzw, type Writer struct
pkg crypto/tls, method (*CertificateRequestInfo) Context() context.Context
pkg crypto/tls, method (*ClientHelloInfo) Context() context.Context
pkg crypto/tls, method (*Conn) HandshakeContext(context.Context) error
pkg database/sql, method (*NullByte) Scan(interface{}) error

    } ?: throw IllegalArgumentException("No such suite: $javaName")
}

suspend fun fetchIanaSuites(okHttpClient: OkHttpClient): IanaSuites {
  val url = "https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv"

  val call = okHttpClient.newCall(Request(url.toHttpUrl()))

  val suites =
    call.executeAsync().use {
      if (!it.isSuccessful) {

import okhttp3.internal.platform.OpenJSSEPlatform
import okhttp3.internal.platform.Platform
import okhttp3.internal.platform.PlatformRegistry
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import okhttp3.tls.internal.TlsUtil.localhost
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
import org.conscrypt.Conscrypt