isTlsFallback = false,
    )
  }

  /**
   * Returns a request that creates a TLS tunnel via an HTTP proxy. Everything in the tunnel request
   * is sent unencrypted to the proxy server, so tunnels include only the minimum set of headers.
   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the

  providers:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'providers')
    strategy:
      matrix:
        include:
          - provider: openjsse
            java-version: 8
          - provider: bouncycastle
            java-version: 21
          - provider: corretto
            java-version: 21

needs to know which [TLS versions](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-tls-version/) and [cipher suites](https://square.github.io/okhttp/5.x/okhttp/okhttp3/-cipher-suite/) to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would be limited to only the latest TLS version and strongest cipher suites.

Specific security vs. connectivity decisions are implemented...

                assertSame(ldapUser, userBean.get().getFessUser());
            }
        }, "activityHelper");

        String[] permissions = ldapUser.getPermissions();

        // Verify permissions include both LDAP roles and user permission
        assertNotNull(permissions);
        assertEquals(3, permissions.length);
        assertEquals("Rgroup1", permissions[0]);
        assertEquals("Rgroup2", permissions[1]);

        assertEquals("http://example.com/100%25/done", result);
    }

    @Test
    public void test_encodeUrl_curlyBraces() {
        // CharUtil.isUrlChar does NOT include { }, so they get percent-encoded
        String result = DocumentUtil.encodeUrl("http://example.com/{id}");
        assertEquals("http://example.com/%7Bid%7D", result);
    }

    @Test

        CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
        // Note that the following cipher suites are all on HTTP/2's bad cipher suites list. We'll
        // continue to include them until better suites are commonly available.
        CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
        CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        CipherSuite.TLS_RSA_WITH_AES_128_GCM_SHA256,

    void iterationSkipsDotAndDotDot() throws Exception {
        // Arrange
        stubAcquireReturnsSelf();
        FileEntry initial = entry("a");
        // Include entries that should be skipped by internal filter
        FileEntry[] page1 = new FileEntry[] { entry("."), entry(".."), entry("b") };

/*
 * Written by Doug Lea with assistance from members of JCP JSR-166
 * Expert Group and released to the public domain, as explained at
 * http://creativecommons.org/publicdomain/zero/1.0/
 * Other contributors include Andrew Wright, Jeffrey Hayes,
 * Pat Fisher, Mike Judd.
 */

/*
 * Source:
 * http://gee.cs.oswego.edu/cgi-bin/viewcvs.cgi/jsr166/src/test/tck/JSR166TestCase.java?revision=1.90

 * Sessions are thread-safe and can be obtained in session-scoped components using the
 * {@link org.apache.maven.api.di.SessionScoped} annotation.</p>
 *
 * <p>Key capabilities provided through the Session include:</p>
 * <ul>
 *   <li>Access to the current {@link org.apache.maven.api.Project}</li>
 *   <li>Access to the {@link org.apache.maven.api.LocalRepository} and {@link org.apache.maven.api.RemoteRepository} configurations</li>

// Code generated by avx512test. DO NOT EDIT.

#include "../../../../../../runtime/textflag.h"

TEXT asmtest_avx512cd(SB), NOSPLIT, $0
	VPBROADCASTMB2Q K1, X25                            // 6262fe082ac9
	VPBROADCASTMB2Q K5, X25                            // 6262fe082acd
	VPBROADCASTMB2Q K1, X11                            // 6272fe082ad9
	VPBROADCASTMB2Q K5, X11                            // 6272fe082add