null, "" -> null
      else -> protocol
    }
  }

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      val bcSocket = sslSocket as BCSSLSocket

      val sslParameters = bcSocket.parameters

      // Enable ALPN.

```
.
├── app
│   ├── __init__.py
│   └── main.py
├── Dockerfile
└── requirements.txt
```

#### Behind a TLS Termination Proxy { #behind-a-tls-termination-proxy }

 */
class BouncyCastlePlatform private constructor() : Platform() {
  private val provider: Provider = BouncyCastleJsseProvider()

  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        "PKIX",
        BouncyCastleJsseProvider.PROVIDER_NAME,
      )

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.tls.internal.der

import java.math.BigInteger
import java.security.GeneralSecurityException
import java.security.PublicKey
import java.security.Signature
import java.security.SignatureException

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.tls.internal.der

import java.math.BigInteger
import okio.Buffer
import okio.BufferedSink
import okio.ByteString

internal class DerWriter(
  sink: BufferedSink,
) {

import okhttp3.internal.connection.asBufferedSocket
import okhttp3.internal.http2.Header
import okhttp3.internal.http2.Http2Connection
import okhttp3.internal.http2.Http2Stream
import okhttp3.internal.platform.Platform
import okhttp3.tls.internal.TlsUtil.localhost
import okio.buffer
import okio.source

/** A basic HTTP/2 server that serves the contents of a local directory.  */
class Http2Server(
  private val baseDirectory: File,

 * server.
 *
 * ## Preemptive Authentication
 *
 * To make HTTPS calls using an HTTP proxy server OkHttp must first negotiate a connection with
 * the proxy. This proxy connection is called a "TLS Tunnel" and is specified by
 * [RFC 2817][1]. The HTTP CONNECT request that creates this tunnel connection is special: it
 * does not participate in any [interceptors][Interceptor] or [event listeners][EventListener]. It

  implementation(libs.kotlin.reflect)
  implementation(libs.playservices.safetynet)
  implementation("com.squareup.okhttp3:okhttp:${okhttpLegacyVersion}")
  implementation("com.squareup.okhttp3:okhttp-tls:${okhttpLegacyVersion}") {
    exclude("org.bouncycastle")
  }
  androidTestImplementation("com.squareup.okhttp3:mockwebserver:${okhttpLegacyVersion}")
  androidTestImplementation(libs.bouncycastle.bcprov)

import assertk.assertions.isEqualTo
import assertk.assertions.isNull
import java.io.IOException
import java.security.cert.Certificate
import kotlin.test.assertFailsWith
import okhttp3.Handshake.Companion.handshake
import okhttp3.tls.HeldCertificate
import org.junit.jupiter.api.Test

class HandshakeTest {
  val serverRoot =
    HeldCertificate
      .Builder()
      .certificateAuthority(1)
      .build()
  val serverIntermediate =

MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY         (on|off)    trust server TLS without verification, defaults to "off" (verify)
MINIO_IDENTITY_LDAP_SERVER_INSECURE         (on|off)    allow plain text connection to AD/LDAP server, defaults to "off"
MINIO_IDENTITY_LDAP_SERVER_STARTTLS         (on|off)    use StartTLS connection to AD/LDAP server, defaults to "off"
```