if !features.EnableQUICListeners {
		return false
	}
	p := protocol.Parse(server.Port.Protocol)
	return p == protocol.HTTPS && !IsPassThroughServer(server)
}

// IsPassThroughServer returns true if this server does TLS passthrough (auto or manual)
func IsPassThroughServer(server *v1alpha3.Server) bool {
	if server.Tls == nil {
		return false
	}

	if server.Tls.Mode == v1alpha3.ServerTLSSettings_PASSTHROUGH ||

			},
			expected: false,
		},
	}
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			actual := IsPassThroughServer(tc.server)
			if actual != tc.expected {
				t.Errorf("IsPassThroughServer(%s) => %t, want %t",
					tc.server, actual, tc.expected)
			}
		})
	}
}

func TestIsTCPServerWithTLSTermination(t *testing.T) {
	cases := []struct {

) *tls.DownstreamTlsContext {
	// Server.TLS cannot be nil or passthrough. But as a safety guard, return nil
	if server.Tls == nil || gateway.IsPassThroughServer(server) {
		return nil // We don't need to setup TLS context for passthrough mode
	}

	server.Tls.CipherSuites = security.FilterCipherSuites(server.Tls.CipherSuites)

	if server.Bind != "" {
		bind = "." + server.Bind
	}
	if p.IsHTTP() {
		return "http" + "." + strconv.Itoa(int(portNumber)) + bind // Format: http.%d.%s
	}

	if p == protocol.HTTPS && !gateway.IsPassThroughServer(server) {
		return "https" + "." + strconv.Itoa(int(server.Port.Number)) + "." +
			server.Port.Name + "." + cfg.Name + "." + cfg.Namespace + bind // Format: https.%d.%s.%s.%s.%s
	}

	return ""
}

		} else if !p.IsTLS() && server.Tls != nil {
			// only tls redirect is allowed if this is a HTTP server
			if p.IsHTTP() {
				if !gateway.IsPassThroughServer(server) ||
					server.Tls.CaCertificates != "" || server.Tls.PrivateKey != "" || server.Tls.ServerCertificate != "" {
					v = AppendValidation(v, fmt.Errorf("server cannot have TLS settings for plain text HTTP ports"))