* the server.
     */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
     * Specifies that communication across the authenticated channel
     * should carry a digital signature (message integrity).
     */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that communication across the authenticated channel
     * should be encrypted (message confidentiality).
     */

    * the server.
    */
    int NTLMSSP_REQUEST_TARGET = 0x00000004;

    /**
    * Specifies that communication across the authenticated channel
    * should carry a digital signature (message integrity).
    */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
    * Specifies that communication across the authenticated channel
    * should be encrypted (message confidentiality).
    */

Then, using the certificate, the client and the TLS Termination Proxy **decide how to encrypt** the rest of the **TCP communication**. This completes the **TLS Handshake** part.

After this, the client and the server have an **encrypted TCP connection**, this is what TLS provides. And then they can use that connection to start the actual **HTTP communication**.

        data[15] = 0x00; // type = 0
        data[16] = 40;
        data[17] = 0;
        data[18] = 0;
        data[19] = 0; // remark offset

        // Entry 2: IPC$, type 3 (IPC), remark "Inter-Process Communication"
        System.arraycopy("IPC$".getBytes(StandardCharsets.US_ASCII), 0, data, 20, 4);
        data[34] = 0x03;
        data[35] = 0x00; // type = 3
        data[36] = 60;
        data[37] = 0;
        data[38] = 0;

Then, the browser will send an HTTP `OPTIONS` request to the `:80`-backend, and if the backend sends the appropriate headers authorizing the communication from this different origin (`http://localhost:8080`) then the `:8080`-browser will let the JavaScript in the frontend send its request to the `:80`-backend.

To achieve this, the `:80`-backend must have a list of "allowed origins".

import jcifs.SmbPipeResource;
import jcifs.smb.SmbNamedPipe;
import jcifs.smb.SmbPipeHandleInternal;
import jcifs.util.Encdec;

/**
 * DCE/RPC handle implementation for named pipe communications.
 * This class provides DCE/RPC communication over SMB named pipes.
 */
public class DcerpcPipeHandle extends DcerpcHandle {

    /* This 0x20000 bit is going to get chopped! */

    private final DcerpcHandle handle;
    private boolean opened;

    /**
     * Creates a new SAM alias handle.
     *
     * @param handle the DCE/RPC handle for communication
     * @param domainHandle the domain handle containing this alias
     * @param access the desired access rights
     * @param rid the relative identifier of the alias

### OAuth 1 { #oauth-1 }

There was an OAuth 1, which is very different from OAuth2, and more complex, as it included direct specifications on how to encrypt the communication.

It is not very popular or used nowadays.

OAuth2 doesn't specify how to encrypt the communication, it expects you to have your application served with HTTPS.

/// tip

 */
package jcifs.ntlmssp.av;

/**
 * NTLMSSP AV pair representing channel binding information for enhanced security.
 * Used to bind NTLM authentication to specific communication channels.
 *
 * @author mbechler
 */
public class AvChannelBindings extends AvPair {

    /**
     * Constructs an AV channel bindings pair
     * @param channelBindingHash the channel binding hash value

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package jcifs.dcerpc.ndr;

/**
 * Base class for NDR (Network Data Representation) objects used in DCE/RPC communication.
 * This abstract class defines the interface for encoding and decoding NDR data types.
 */
public abstract class NdrObject {

    /**
     * Default constructor for NDR object
     */
    public NdrObject() {