{"$0.5", "$(0.5)"},
	{"$0x7000", "$28672"},
	{"$0x88888eef", "$2290650863"},
	{"$1", "$1"},
	{"$_main<>(SB)", "$_main<>(SB)"},
	{"$argframe(FP)", "$argframe(FP)"},
	{"$runtime·tlsg(SB)", "$runtime.tlsg(SB)"},
	{"$~3", "$-4"},
	{"(-288-3*8)(R1)", "-312(R1)"},
	{"(16)(R7)", "16(R7)"},
	{"(8)(g)", "8(g)"},
	{"(CTR)", "(CTR)"},
	{"(R0)", "(R0)"},
	{"(R3)", "(R3)"},
	{"(R4)", "(R4)"},
	{"(R5)", "(R5)"},

Also, note that the certificate has to contain the `Extended Key Usage: TLS Web Client Authentication`. Otherwise, MinIO would not accept the certificate as client certificate.

Now, the STS certificate-based authentication happens in 4 steps:

- Client sends HTTP `POST` request over a TLS connection hitting the MinIO TLS STS API.
- MinIO verifies that the client certificate is valid.

	public final fun signedBy (Lokhttp3/tls/HeldCertificate;)Lokhttp3/tls/HeldCertificate$Builder;
	public final fun validityInterval (JJ)Lokhttp3/tls/HeldCertificate$Builder;
}

public final class okhttp3/tls/HeldCertificate$Builder$Companion {
}

public final class okhttp3/tls/HeldCertificate$Companion {
	public final fun decode (Ljava/lang/String;)Lokhttp3/tls/HeldCertificate;

      "https://www.googleapis.com/robots.txt",
      "https://graph.facebook.com/robots.txt",
      "https://api.twitter.com/robots.txt",
      "https://connect.squareup.com/robots.txt",
    )

  println("TLS1.3+TLS1.2")
  testClient(urls, buildClient(ConnectionSpec.RESTRICTED_TLS))

  println("\nTLS1.3 only")
  testClient(urls, buildClient(TLS_13))

  println("\nTLS1.3 then fallback")

# in compliance with, at your election, the Elastic License 2.0 or the Server
# Side Public License, v 1.
#

# forcing to use TLS1.2 to avoid failure in vault
# see https://github.com/hashicorp/vault/issues/8750#issuecomment-631236121
systemProp.jdk.tls.client.protocols=TLSv1.2

# java homes resolved by environment variables

      when {
        javaName.startsWith("TLS_") -> "SSL_" + javaName.substring(4)
        javaName.startsWith("SSL_") -> "TLS_" + javaName.substring(4)
        else -> javaName
      }

    /**
     * @param javaName the name used by Java APIs for this cipher suite. Different than the IANA
     *     name for older cipher suites because the prefix is `SSL_` instead of `TLS_`.

  fun fromJavaName(javaName: String): SuiteId =
    suites.firstOrNull {
      it.name == javaName || it.name == "TLS_${javaName.drop(4)}"
    } ?: throw IllegalArgumentException("No such suite: $javaName")
}

suspend fun fetchIanaSuites(okHttpClient: OkHttpClient): IanaSuites {
  val url = "https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv"

  val call = okHttpClient.newCall(Request(url.toHttpUrl()))

  val suites =

    * 이것이 동일한 TLS Termination Proxy가 인증서 갱신 과정까지 처리할 때 매우 유용한 이유 중 하나입니다.
    * 그렇지 않으면 TLS Termination Proxy를 잠시 중지하고, 갱신 프로그램을 시작해 인증서를 획득한 다음, TLS Termination Proxy에 인증서를 설정하고, 다시 TLS Termination Proxy를 재시작해야 할 수도 있습니다. 이는 TLS Termination Proxy가 꺼져 있는 동안 앱(들)을 사용할 수 없으므로 이상적이지 않습니다.

	return []uint16{
		tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
		tls.TLS_AES_128_GCM_SHA256,
		tls.TLS_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, // TLS 1.2 ECDHE GCM / POLY1305
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

## Version 3.11.0

_2018-07-12_

 *  **OkHttp's new okhttp-tls submodule tames HTTPS and TLS.**

    `HeldCertificate` is a TLS certificate and its private key. Generate a certificate with its
    builder then use it to sign another certificate or perform a TLS handshake. The
    `certificatePem()` method encodes the certificate in the familiar PEM format