*
 * @author Jared Levy
 */
@GwtIncompatible // suite // TODO(cpovirk): set up collect/gwt/suites version
@NullUnmarked
@AndroidIncompatible // test-suite builders
public class MultisetsCollectionTest extends TestCase {
  public static Test suite() {
    TestSuite suite = new TestSuite();

    suite.addTest(
        MultisetTestSuiteBuilder.using(unmodifiableMultisetGenerator())

   * order for a socket to be compatible the enabled cipher suites and protocols must intersect.
   *
   * For cipher suites, at least one of the [required cipher suites][cipherSuites] must match the
   * socket's enabled cipher suites. If there are no required cipher suites the socket must have at
   * least one cipher suite enabled.
   *

versions](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would be limited to only the latest TLS version and strongest cipher suites.

Specific security vs. connectivity decisions are implemented by [ConnectionSpe...

  return SuiteId(id, matcher.groupValues[3])
}

class IanaSuites(
  val name: String,
  val suites: List<SuiteId>,
) {
  fun fromJavaName(javaName: String): SuiteId =
    suites.firstOrNull {
      it.name == javaName || it.name == "TLS_${javaName.drop(4)}"
    } ?: throw IllegalArgumentException("No such suite: $javaName")
}

suspend fun fetchIanaSuites(okHttpClient: OkHttpClient): IanaSuites {

---

<a name="tlsv13_only"></a>
#### ¹ TLSv1.3 Only

Cipher suites that are only available with TLSv1.3.

<a name="http2_naughty"></a>
#### ² HTTP/2 Cipher Suite Denylist

Cipher suites that are [discouraged for use][http2_denylist] with HTTP/2. OkHttp includes them because better suites are not commonly available. For example, none of the better cipher suites listed above shipped with Android 4.4 or Java 7.

  static TestSuite tests(String name, ByteSinkFactory factory) {
    TestSuite suite = new TestSuite(name);
    for (Entry<String, String> entry : TEST_STRINGS.entrySet()) {
      String desc = entry.getKey();
      TestSuite stringSuite = suiteForString(name, factory, entry.getValue(), desc);
      suite.addTest(stringSuite);
    }
    return suite;
  }

  private static TestSuite suiteForString(

  static TestSuite tests(String name, ByteSinkFactory factory) {
    TestSuite suite = new TestSuite(name);
    for (Entry<String, String> entry : TEST_STRINGS.entrySet()) {
      String desc = entry.getKey();
      TestSuite stringSuite = suiteForString(name, factory, entry.getValue(), desc);
      suite.addTest(stringSuite);
    }
    return suite;
  }

  private static TestSuite suiteForString(

 *
 * @author Jared Levy
 */
@GwtIncompatible // suite // TODO(cpovirk): set up collect/gwt/suites version
@NullUnmarked
@AndroidIncompatible // test-suite builders
public class MultisetsCollectionTest extends TestCase {
  public static Test suite() {
    TestSuite suite = new TestSuite();

    suite.addTest(
        MultisetTestSuiteBuilder.using(unmodifiableMultisetGenerator())

  /**
   * To avoid infinite recursion, test suites with these marker features won't have derived suites
   * created for them.
   */
  enum NoRecurse implements Feature<@Nullable Void> {
    SUBMAP,
    DESCENDING;

    @Override
    public Set<Feature<? super @Nullable Void>> getImpliedFeatures() {
      return emptySet();
    }
  }

  /**
   * Creates a suite whose map has some elements filtered out of view.

    // Configure cipher suites to demonstrate how to customize which cipher suites will be used for
    // an OkHttp request. In order to be selected a cipher suite must be included in both OkHttp's
    // connection spec and in the SSLSocket's enabled cipher suites array. Most applications should
    // not customize the cipher suites list.
    List<CipherSuite> customCipherSuites = asList(