* See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3

/**
 * Versions of TLS that can be offered when negotiating a secure socket. See
 * [javax.net.ssl.SSLSocket.setEnabledProtocols].
 */
enum class TlsVersion(
  @get:JvmName("javaName") val javaName: String,
) {
  TLS_1_3("TLSv1.3"), // 2016.

	MOVW	foo+32323(SP)(AX*1), DX		// 668b9404437e0000
	MOVB	foo(SP)(AX*2), AL		// 8a0444
	MOVB	foo+32(SP)(CX*4), AH		// 8a648c20
	MOVB	foo+32323(SP)(CX*8), R9		// 448a8ccc437e0000

// Tests for TLS reference.
	MOVQ	(TLS), AX
	MOVQ	8(TLS), DX

// LTYPE0 nonnon	{ outcode($1, &$2); }
	RET // c3

sasl_mechanism   (string)    sasl authentication mechanism, default 'plain'
tls_client_auth  (string)    clientAuth determines the Kafka server's policy for TLS client auth
sasl             (on|off)    set to 'on' to enable SASL authentication
tls              (on|off)    set to 'on' to enable TLS
tls_skip_verify  (on|off)    trust server TLS without verification, defaults to "on" (verify)
client_tls_cert  (path)      path to client certificate for mTLS auth

import okhttp3.internal.platform.android.DeferredSocketAdapter
import okhttp3.internal.platform.android.StandardAndroidSocketAdapter
import okhttp3.internal.tls.BasicTrustRootIndex
import okhttp3.internal.tls.CertificateChainCleaner
import okhttp3.internal.tls.TrustRootIndex

/** Android 5 to 9 (API 21 to 28). */
@SuppressSignatureCheck
class AndroidPlatform :
  Platform(),
  ContextAwarePlatform {

import java.io.IOException;
import java.security.cert.X509Certificate;
import okhttp3.Headers;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.tls.Certificates;
import okhttp3.tls.HandshakeCertificates;

public final class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view

### Certificate Directory

TLS certificates by default are expected to be stored under ``${HOME}/.minio/certs`` directory. You need to place certificates here to enable `HTTPS` based access. Read more about [How to secure access to MinIO server with TLS](https://docs.min.io/community/minio-object-store/operations/network-encryption.html).

Following is a sample directory structure for MinIO server with TLS certificates.

```sh

import kotlin.test.assertFailsWith
import mockwebserver3.MockResponse
import mockwebserver3.MockWebServer
import mockwebserver3.junit5.StartStop
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.RegisterExtension

class InsecureForHostTest {

import okhttp3.Request
import okhttp3.internal.http2.ConnectionShutdownException
import okhttp3.testing.Flaky
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import okhttp3.tls.internal.TlsUtil.newKeyManager
import okhttp3.tls.internal.TlsUtil.newTrustManager
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Tag
import org.junit.jupiter.api.Test

import okhttp3.HttpUrl.Companion.toHttpUrl
import okhttp3.OkHttpClientTestRule
import okhttp3.Request
import okhttp3.testing.PlatformRule
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.HeldCertificate
import okhttp3.tls.internal.TlsUtil.localhost
import org.junit.jupiter.api.Test
import org.junit.jupiter.api.extension.RegisterExtension

class MockResponseSniTest {
  @RegisterExtension

    when {
      matchesSocket(sslSocket) -> Conscrypt.getApplicationProtocol(sslSocket)
      else -> null // No TLS extensions if the socket class is custom.
    }

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      // Enable session tickets.