internal static bool ShouldOptOutOfTls13(CipherSuitesPolicy policy, EncryptionPolicy encryptionPolicy)
        {
            // if TLS 1.3 was explicitly requested the underlying code will throw
            // if default option (SslProtocols.None) is used we will opt-out of TLS 1.3

            if (encryptionPolicy == EncryptionPolicy.NoEncryption)
            {
                // TLS 1.3 uses different ciphersuite restrictions than previous versions.
                // It has no equivalent to a NoEncryption option.
                return(true);
            }

            if (policy == null)
            {
                // null means default, by default OpenSSL will choose if it wants to opt-out or not
                return(false);
            }

            Debug.Assert(
                policy.Pal._tls13CipherSuites.Length != 0 &&
                policy.Pal._tls13CipherSuites[policy.Pal._tls13CipherSuites.Length - 1] == 0,
                "null terminated string expected");

            // we should opt out only when policy is empty
            return(policy.Pal._tls13CipherSuites.Length == 1);
        }
        internal static bool ShouldOptOutOfLowerThanTls13(CipherSuitesPolicy policy, EncryptionPolicy encryptionPolicy)
        {
            if (policy == null)
            {
                // null means default, by default OpenSSL will choose if it wants to opt-out or not
                return(false);
            }

            Debug.Assert(
                policy.Pal._cipherSuites.Length != 0 &&
                policy.Pal._cipherSuites[policy.Pal._cipherSuites.Length - 1] == 0,
                "null terminated string expected");

            // we should opt out only when policy is empty
            return(policy.Pal._cipherSuites.Length == 1);
        }
        internal static byte[] GetOpenSslCipherSuites(
            CipherSuitesPolicy policy,
            SslProtocols protocols,
            EncryptionPolicy encryptionPolicy)
        {
            if (!WantsTls13(protocols) || policy == null)
            {
                // do not call TLS 1.3 API, let OpenSSL choose what to do
                return(null);
            }

            if (encryptionPolicy == EncryptionPolicy.NoEncryption)
            {
                throw new PlatformNotSupportedException(SR.net_ssl_ciphersuites_policy_not_supported);
            }

            return(policy.Pal._tls13CipherSuites);
        }
        internal static byte[] GetOpenSslCipherList(
            CipherSuitesPolicy policy,
            SslProtocols protocols,
            EncryptionPolicy encryptionPolicy)
        {
            if (IsOnlyTls13(protocols))
            {
                // older cipher suites will be disabled through protocols
                return(null);
            }

            if (policy == null)
            {
                return(CipherListFromEncryptionPolicy(encryptionPolicy));
            }

            if (encryptionPolicy == EncryptionPolicy.NoEncryption)
            {
                throw new PlatformNotSupportedException(SR.net_ssl_ciphersuites_policy_not_supported);
            }

            return(policy.Pal._cipherSuites);
        }