import okhttp3.internal.platform.Platform
import org.conscrypt.Conscrypt

// TLS 1.3
private val TLS13_CIPHER_SUITES =
  listOf(
    CipherSuite.TLS_AES_128_GCM_SHA256,
    CipherSuite.TLS_AES_256_GCM_SHA384,
    CipherSuite.TLS_CHACHA20_POLY1305_SHA256,
    CipherSuite.TLS_AES_128_CCM_SHA256,
    CipherSuite.TLS_AES_128_CCM_8_SHA256,
  )

/**
 * A TLS 1.3 only Connection Spec. This will be eventually be exposed

 * **Challenge**: authParams, charset, realm, scheme
 * **CipherSuite**: javaName
 * **ConnectionSpec**: cipherSuites, supportsTlsExtensions, tlsVersions
 * **Cookie**: domain, expiresAt, hostOnly, httpOnly, name, path, persistent, value
 * **Dispatcher**: executorService
 * **FormBody**: size
 * **Handshake**: cipherSuite, localCertificates, localPrincipal, peerCertificates, peerPrincipal,
   tlsVersion

            return
          }

          // https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
          // https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites
          // https://stackoverflow.com/questions/36240279/how-do-i-extract-the-pre-master-secret-using-an-openssl-based-client

          // TLSv1.2 Events
          // Produced ClientHello handshake message

```java
ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
    .tlsVersions(TlsVersion.TLS_1_2)
    .cipherSuites(
          CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
          CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
          CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
    .build();

OkHttpClient client = new OkHttpClient.Builder()

}

public final class okhttp3/CipherSuite {
	public static final field Companion Lokhttp3/CipherSuite$Companion;
	public static final field TLS_AES_128_CCM_8_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_CCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_GCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_256_GCM_SHA384 Lokhttp3/CipherSuite;

}

public final class okhttp3/CipherSuite {
	public static final field Companion Lokhttp3/CipherSuite$Companion;
	public static final field TLS_AES_128_CCM_8_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_CCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_128_GCM_SHA256 Lokhttp3/CipherSuite;
	public static final field TLS_AES_256_GCM_SHA384 Lokhttp3/CipherSuite;

HSPLokhttp3/CipherSuite$Companion$ORDER_BY_NAME$1;-><init>()V
HSPLokhttp3/CipherSuite$Companion$ORDER_BY_NAME$1;->compare(Ljava/lang/Object;Ljava/lang/Object;)I
HSPLokhttp3/CipherSuite$Companion;-><init>(Landroidx/lifecycle/viewmodel/R$id;)V
HSPLokhttp3/CipherSuite$Companion;->access$init(Lokhttp3/CipherSuite$Companion;Ljava/lang/String;I)Lokhttp3/CipherSuite;

Go 1.23 changed the default TLS cipher suites used by clients and servers when
not explicitly configured, removing 3DES cipher suites. The default can be reverted
using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).

Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair)
and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the

# CL 107400043 crypto/tls: Added dynamic alternative to NameToCertificate map for SNI, Percy Wegmann <******@****.***>
pkg crypto/tls, type ClientHelloInfo struct
pkg crypto/tls, type ClientHelloInfo struct, CipherSuites []uint16
pkg crypto/tls, type ClientHelloInfo struct, ServerName string
pkg crypto/tls, type ClientHelloInfo struct, SupportedCurves []CurveID
pkg crypto/tls, type ClientHelloInfo struct, SupportedPoints []uint8

     */
    @JvmStatic
    @Synchronized fun forJavaName(javaName: String): CipherSuite {
      var result: CipherSuite? = INSTANCES[javaName]
      if (result == null) {
        result = INSTANCES[secondaryName(javaName)]

        if (result == null) {
          result = CipherSuite(javaName)
        }

        // Add the new cipher suite, or a confirmed alias.