{"$0.5", "$(0.5)"},
	{"$0x7000", "$28672"},
	{"$0x88888eef", "$2290650863"},
	{"$1", "$1"},
	{"$_main<>(SB)", "$_main<>(SB)"},
	{"$argframe(FP)", "$argframe(FP)"},
	{"$runtime·tlsg(SB)", "$runtime.tlsg(SB)"},
	{"$~3", "$-4"},
	{"(-288-3*8)(R1)", "-312(R1)"},
	{"(16)(R7)", "16(R7)"},
	{"(8)(g)", "8(g)"},
	{"(CTR)", "(CTR)"},
	{"(R0)", "(R0)"},
	{"(R3)", "(R3)"},
	{"(R4)", "(R4)"},
	{"(R5)", "(R5)"},

Also, note that the certificate has to contain the `Extended Key Usage: TLS Web Client Authentication`. Otherwise, MinIO would not accept the certificate as client certificate.

Now, the STS certificate-based authentication happens in 4 steps:

- Client sends HTTP `POST` request over a TLS connection hitting the MinIO TLS STS API.
- MinIO verifies that the client certificate is valid.

	public final fun signedBy (Lokhttp3/tls/HeldCertificate;)Lokhttp3/tls/HeldCertificate$Builder;
	public final fun validityInterval (JJ)Lokhttp3/tls/HeldCertificate$Builder;
}

public final class okhttp3/tls/HeldCertificate$Builder$Companion {
}

public final class okhttp3/tls/HeldCertificate$Companion {
	public final fun decode (Ljava/lang/String;)Lokhttp3/tls/HeldCertificate;

      "https://www.googleapis.com/robots.txt",
      "https://graph.facebook.com/robots.txt",
      "https://api.twitter.com/robots.txt",
      "https://connect.squareup.com/robots.txt",
    )

  println("TLS1.3+TLS1.2")
  testClient(urls, buildClient(ConnectionSpec.RESTRICTED_TLS))

  println("\nTLS1.3 only")
  testClient(urls, buildClient(TLS_13))

  println("\nTLS1.3 then fallback")

apiVersion: v1
clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://10.96.0.1:443
  name: local
contexts:
- context:
    cluster: local
    user: istio-cni
  name: istio-cni-context
current-context: istio-cni-context
kind: Config
preferences: {}
users:
- name: istio-cni
  user:

John Howard <******@****.***> 1684290142 -0700

    return suites.firstOrNull {
      it.name == javaName || it.name == "TLS_${javaName.drop(4)}"
    } ?: throw IllegalArgumentException("No such suite: $javaName")
  }
}

suspend fun fetchIanaSuites(okHttpClient: OkHttpClient): IanaSuites {
  val url = "https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv"

  val call = okHttpClient.newCall(Request(url.toHttpUrl()))

  val suites =

      return when {
        javaName.startsWith("TLS_") -> "SSL_" + javaName.substring(4)
        javaName.startsWith("SSL_") -> "TLS_" + javaName.substring(4)
        else -> javaName
      }
    }

    /**
     * @param javaName the name used by Java APIs for this cipher suite. Different than the IANA
     *     name for older cipher suites because the prefix is `SSL_` instead of `TLS_`.

## Version 3.11.0

_2018-07-12_

 *  **OkHttp's new okhttp-tls submodule tames HTTPS and TLS.**

    `HeldCertificate` is a TLS certificate and its private key. Generate a certificate with its
    builder then use it to sign another certificate or perform a TLS handshake. The
    `certificatePem()` method encodes the certificate in the familiar PEM format

			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		}
	}
	return []uint16{
		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
		tls.TLS_AES_128_GCM_SHA256,
		tls.TLS_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // TLS 1.2
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,