drawing/x-dwf                  dwf              # AutoCAD
image/gif                      gif              # GIF image file
image/ief                      ief              # Image Exchange
image/jpeg                     jpeg jpg jpe     # JPG image file
image/png                      png              # Portable Network Graphics
image/tiff                     tiff tif         # TIFF image file

 * [connection pool][ConnectionPool].
 *
 * Do not confuse this class with the misnamed `HttpURLConnection`, which isn't so much a connection
 * as a single request/response exchange.
 *
 * ## Modern TLS
 *
 * There are trade-offs when selecting which options to include when negotiating a secure connection
 * to a remote host. Newer TLS options are quite useful:
 *

    )
  }

  fun newChain(call: RealCall): RealInterceptorChain {
    return RealInterceptorChain(
      call = call,
      interceptors = listOf(),
      index = 0,
      exchange = null,
      request = call.request(),
      connectTimeoutMillis = 10_000,
      readTimeoutMillis = 10_000,
      writeTimeoutMillis = 10_000,
    )
  }

  fun newRoutePlanner(

    /**
     * Indicates that 128-bit encryption is supported.
     */
    public static final int NTLMSSP_NEGOTIATE_128 = 0x20000000;

    /**
     * Request explicit key exchange
     */
    public static final int NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000;

    /**
     * Indicates that 56-bit encryption is supported.
     */

OkHttp
======

See the [project website][okhttp] for documentation and APIs.

HTTP is the way modern applications network. It’s how we exchange data & media. Doing HTTP
efficiently makes your stuff load faster and saves bandwidth.

OkHttp is an HTTP client that’s efficient by default:

 * HTTP/2 support allows all requests to the same host to share a socket.
 * Connection pooling reduces request latency (if HTTP/2 isn’t available).

sftp>
```

## Advanced options

### Change default FTP port

Default port '8021' can be changed via

```
--ftp="address=:3021"
```

### Change FTP passive port range

By default FTP requests OS to give a free port automatically, however you may want to restrict

			MinVersion:         tls.VersionTLS12,
			NextProtos:         []string{"h2", "http/1.1"},
			ClientSessionCache: tls.NewLRUClientSessionCache(100),
			CipherSuites:       fips.TLSCiphersBackwardCompatible(), // Contains RSA key exchange
			RootCAs:            rootCAs,
		},
	}

	// Parse explicitly set enable=on/off flag.
	isEnableFlagExplicitlySet := false
	if v := getCfgVal(config.Enable); v != "" {
		isEnableFlagExplicitlySet = true

				return &credentials.WebIdentityToken{
					Token: r.Form.Get("id_token"),
				}, nil
			}
		} else {
			getWebTokenExpiry = func() (*credentials.WebIdentityToken, error) {
				oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
				if err != nil {
					return nil, err
				}
				if !oauth2Token.Valid() {
					return nil, errors.New("invalid token")
				}

				return &credentials.WebIdentityToken{

	// code, which we now have in `lastReq`. Exchange it for a JWT id_token.
	q := lastReq.URL.Query()
	// fmt.Printf("lastReq.URL: %#v q: %#v\n", lastReq.URL, q)
	code := q.Get("code")
	oauth2Token, err := oauth2Config.Exchange(ctx, code)
	if err != nil {
		return "", fmt.Errorf("unable to exchange code for id token: %v", err)
	}

Go 1.23 enabled the experimental post-quantum key exchange mechanism
X25519Kyber768Draft00 by default. The default can be reverted using the
[`tlskyber` setting](/pkg/crypto/tls/#Config.CurvePreferences).

Go 1.23 changed the behavior of
[crypto/x509.ParseCertificate](/pkg/crypto/x509/#ParseCertificate) to reject
serial numbers that are negative. This change can be reverted with