problems. If your service has multiple IP addresses, OkHttp will attempt alternate addresses if the
first connect fails. This is necessary for IPv4+IPv6 and services hosted in redundant data
centers. OkHttp supports modern TLS features (TLS 1.3, ALPN, certificate pinning). It can be
configured to fall back for broad connectivity.

Using OkHttp is easy. Its request/response API is designed with fluent builders and immutability. It

	consoleapi.Port = globalMinioConsolePort
	consoleapi.Hostname = globalMinioConsoleHost

	if globalIsTLS {
		// If TLS certificates are provided enforce the HTTPS.
		server.EnabledListeners = []string{"https"}
		server.TLSPort = consolePort
		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
		consoleapi.TLSPort = globalMinioConsolePort

    call: Call,
    inetSocketAddress: InetSocketAddress,
    proxy: Proxy,
  ) {
  }

  /**
   * Invoked just prior to initiating a TLS connection.
   *
   * This method is invoked if the following conditions are met:
   *
   *  * The [Call.request] requires TLS.
   *
   *  * No existing connection from the [ConnectionPool] can be reused.
   *

    // System.setProperty("jdk.tls.client.enableSessionTicketExtension", "true")
    // System.setProperty("jdk.tls.server.enableSessionTicketExtension", "true")

    platform.assumeJdk9()
  }

  @Test
  fun testTlsv13Works() {
    // https://docs.oracle.com/en/java/javase/14/security/java-secure-socket-extension-jsse-reference-guide.html
    // TODO test jdk.tls.client.enableSessionTicketExtension

 */
package okhttp3.recipes.kt

import java.io.IOException
import java.security.cert.X509Certificate
import okhttp3.OkHttpClient
import okhttp3.Request.Builder
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.decodeCertificatePem

class CustomTrust {
  // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view

```
MINIO_LAMBDA_WEBHOOK_ENABLE_function=on MINIO_LAMBDA_WEBHOOK_ENDPOINT_function=http://localhost:5000 MINIO_LAMBDA_WEBHOOK_AUTH_TOKEN="mytoken" minio server /data &
```

### Lambda Target with mTLS authentication

If your lambda target expects mTLS client you can enable it per function target as follows
```

	if err != nil {
		return nil, err
	}

	secure := strings.EqualFold(u.Scheme, "https")
	transport, err := minio.DefaultTransport(secure)
	if err != nil {
		return nil, err
	}
	if insecure {
		// skip TLS verification
		transport.TLSClientConfig.InsecureSkipVerify = true
	}

	clnt, err := minio.New(u.Host, &minio.Options{
		Creds:     credentials.NewStaticV4(accessKey, secretKey, ""),
		Secure:    secure,

    "config:recommended",
    ":dependencyDashboard"
  ],
  "semanticCommits": "disabled",
  "labels": [
    "renovate"
  ],
  "ignoreDeps": [
    "com.squareup.okhttp3:okhttp",
    "com.squareup.okhttp3:okhttp-tls",
    "com.squareup.okhttp3:mockwebserver"
  ],
  "packageRules": [
    {
      "groupName": "bnd",
      "matchPackageNames": [
        "/biz.*/"
      ]
    },
    {
      "groupName": "graalvm",

    } ?: throw IllegalArgumentException("No such suite: $javaName")
}

suspend fun fetchIanaSuites(okHttpClient: OkHttpClient): IanaSuites {
  val url = "https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv"

  val call = okHttpClient.newCall(Request(url.toHttpUrl()))

  val suites =
    call.executeAsync().use {
      if (!it.isSuccessful) {

 * Do not confuse this class with the misnamed `HttpURLConnection`, which isn't so much a connection
 * as a single request/response exchange.
 *
 * ## Modern TLS
 *
 * There are trade-offs when selecting which options to include when negotiating a secure connection
 * to a remote host. Newer TLS options are quite useful:
 *
 *  * Server Name Indication (SNI) enables one IP address to negotiate secure connections for
 *    multiple domain names.
 *