byte[] nonce3 = gcmContext.generateNonce();

        // Then - Nonces should be unique (SMB3 compliant: random + counter)
        assertFalse(Arrays.equals(nonce1, nonce2), "Nonces should be different");
        assertFalse(Arrays.equals(nonce2, nonce3), "Nonces should be different");
        assertFalse(Arrays.equals(nonce1, nonce3), "Nonces should be different");

        // Nonces should have proper size

          "www.google.com",
          "www.state.pa.us",
          "www4.yahoo.co.uk"
          // keep-sorted end
          );

  private static final ImmutableSet<String> NON_RS =
      ImmutableSet.<String>builder().addAll(NON_PS).addAll(PS_NOT_RS).build();

  private static final ImmutableSet<String> TOP_UNDER_REGISTRY_SUFFIX =
      ImmutableSet.of("google.com", "foo.Co.uk", "foo.ca.us.");

        return metrics;
    }

    /**
     * Generate a unique nonce for encryption following SMB3 specification.
     * Uses SMB3-compliant nonce generation with guaranteed uniqueness.
     *
     * @return nonce appropriate for the dialect (16 bytes for GCM, 12 bytes for CCM)
     */
    public byte[] generateNonce() {
        final byte[] nonce = new byte[isGCMCipher() ? 16 : 12];

        if (isGCMCipher()) {

  @Test fun testDigestChallengeWithStrictRfc2617Header() {
    val headers =
      Headers
        .Builder()
        .add(
          "WWW-Authenticate",
          "Digest realm=\"myrealm\", nonce=\"fjalskdflwejrlaskdfjlaskdjflaks" +
            "jdflkasdf\", qop=\"auth\", stale=\"FALSE\"",
        ).build()
    val challenges = headers.parseChallenges("WWW-Authenticate")
    assertThat(challenges.size).isEqualTo(1)

        });
    }

    @Test
    @DisplayName("Should handle null nonce")
    void testNullNonce() {
        // When/Then
        assertThrows(NullPointerException.class, () -> {
            transformHeader.setNonce(null);
        });
    }

    @Test
    @DisplayName("Should handle invalid nonce length")
    void testInvalidNonceLength() {
        // Given

### Response HTTPS { #https-response }

El TLS Termination Proxy entonces **encriptaría el response** usando la criptografía acordada antes (que comenzó con el certificado para `someapp.example.com`), y lo enviaría de vuelta al navegador.

Luego, el navegador verificaría que el response sea válido y encriptado con la clave criptográfica correcta, etc. Entonces **desencriptaría el response** y lo procesaría.

Si estás usando contenedores (por ejemplo, Docker, Kubernetes), entonces hay dos enfoques principales que puedes usar.

### Múltiples Contenedores { #multiple-containers }

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and

      (b) You must cause any modified files to carry prominent notices
          stating that You changed the files; and

      (c) You must retain, in the Source form of any Derivative Works
          that You distribute, all copyright, patent, trademark, and
          attribution notices from the Source form of the Work,
          excluding those notices that do not pertain to any part of
          the Derivative Works; and