* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.survey

import okhttp3.survey.types.Client
import okhttp3.survey.types.SuiteId

/**
 * Organizes information on SSL cipher suite inclusion and precedence for this spreadsheet.

ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group14-sha1
diffie-hellman-group1-sha1
```

`--sftp=cipher-algos=...` specifies the allowed cipher algorithms. 
If unspecified then a sensible default is used.

Valid values: 
```
aes128-ctr
aes192-ctr
aes256-ctr
******@****.***
******@****.***

    if (this::cache.isInitialized) {
      cache.delete()
    }
  }

  @Test
  fun corruptedCipher() {
    val response =
      testCorruptingCache {
        corruptMetadata {
          // mess with cipher suite
          it.replace("TLS_", "SLT_")
        }
      }

    assertThat(response.body.string()).isEqualTo("ABC.1") // cached
    assertThat(cache.requestCount()).isEqualTo(2)

            "trustStore is",
            "Reload the trust store",
            "Reload trust certs",
            "Reloaded",
            "adding as trusted certificates",
            "Ignore disabled cipher suite",
            "Ignore unsupported cipher suite",
          ).joinToString(separator = "|"),
        )
        append(").*")
      },
    )

  private val testLogHandler =
    object : Handler() {

    cipher suite. We accidentally specified a key size of 256, preventing that cipher suite from
    being selected for any TLS handshakes. We didn't notice because this cipher suite isn't
    supported on Android, Java, or Conscrypt.

    We removed this cipher suite and `TLS_AES_128_CCM_SHA256` from the restricted, modern, and

pkg bytes, func SplitSeq([]uint8, []uint8) iter.Seq[[]uint8] #61901
pkg crypto/cipher, func NewCFBDecrypter //deprecated #69445
pkg crypto/cipher, func NewCFBEncrypter //deprecated #69445
pkg crypto/cipher, func NewGCMWithRandomNonce(Block) (AEAD, error) #69981
pkg crypto/cipher, func NewOFB //deprecated #69445
pkg crypto/fips140, func Enabled() bool #70123

      ConnectionSpec
        .Builder(ConnectionSpec.MODERN_TLS)
        .cipherSuites(*arrayOf<CipherSuite>())
        .build()
    }.also { expected ->
      assertThat(expected.message)
        .isEqualTo("At least one cipher suite is required")
    }
  }

  @Test
  fun cleartextBuilder() {
    val cleartextSpec = ConnectionSpec.Builder(false).build()
    assertThat(cleartextSpec.isTls).isFalse()
  }

  @Test

   * 3.0. For responses cached by preceding versions this returns [TlsVersion.SSL_3_0].
   */
  @get:JvmName("tlsVersion") val tlsVersion: TlsVersion,
  /** Returns the cipher suite used for the connection. */
  @get:JvmName("cipherSuite") val cipherSuite: CipherSuite,
  /** Returns a possibly-empty list of certificates that identify this peer. */

The [`jstmpllitinterp` setting](/pkg/html/template#hdr-Security_Model) no longer has
any effect.

Go 1.23 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing 3DES cipher suites. The default can be reverted
using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).
This setting will be removed in Go 1.27.

  private val handshakeCertificates = platform.localhostHandshakeCertificates()

  /** Ciphers in order we observed directly on the socket. */
  private lateinit var handshakeEnabledCipherSuites: List<String>

  /** Ciphers in order we observed on sslSocketFactory defaults. */
  private lateinit var defaultEnabledCipherSuites: List<String>

  /** Ciphers in order we observed on sslSocketFactory supported. */