}
        server.securityMode  = buffer[bufferIndex++] & 0xFF;
        server.security      = server.securityMode & 0x01;
        server.encryptedPasswords = ( server.securityMode & 0x02 ) == 0x02;
        server.signaturesEnabled  = ( server.securityMode & 0x04 ) == 0x04;
        server.signaturesRequired = ( server.securityMode & 0x08 ) == 0x08;

    public static final String PROXY_HTTP = "HTTP";

    /**
     * Proxy server host
     */
    private String host;

    /**
     * Username used to access the proxy server
     */
    private String userName;

    /**
     * Password associated with the proxy server
     */
    private String password;

    /**
     * Proxy server port
     */
    private int port;

    /**

  @JvmField
  @RegisterExtension
  val clientTestRule = OkHttpClientTestRule()

  private lateinit var server: MockWebServer

  private lateinit var client: OkHttpClient

  @BeforeEach
  fun setUp(server: MockWebServer) {
    platform.assumeLoom()

    this.server = server

    client =
      clientTestRule.newClientBuilder()
        .dispatcher(Dispatcher(newVirtualThreadPerTaskExecutor()))

			"X-Amz-Server-Side-Encryption":                []string{""},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
			"X-Amz-Server-Side-Encryption-Context":        []string{""},
		},
		Expected: true,
	}, // 4
	{
		Header: http.Header{
			"X-Amz-Server-Side-Encryption":                []string{"AES256"},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": []string{""},
		},
		Expected: true,
	}, // 5

function start_minio_fs() {
	export MINIO_ROOT_USER=$ACCESS_KEY
	export MINIO_ROOT_PASSWORD=$SECRET_KEY
	"${MINIO[@]}" server "${WORK_DIR}/fs-disk" >"$WORK_DIR/fs-minio.log" 2>&1 &

	"${WORK_DIR}/mc" ready verify
}

function start_minio_erasure() {
	"${MINIO[@]}" server "${WORK_DIR}/erasure-disk1" "${WORK_DIR}/erasure-disk2" "${WORK_DIR}/erasure-disk3" "${WORK_DIR}/erasure-disk4" >"$WORK_DIR/erasure-minio.log" 2>&1 &

	// the MinIO-internal key derivation.
	MetaIV = "X-Minio-Internal-Server-Side-Encryption-Iv"

	// MetaAlgorithm is the algorithm used to derive internal keys
	// and encrypt the objects.
	MetaAlgorithm = "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm"

	// MetaSealedKeySSEC is the sealed object encryption key in case of SSE-C.
	MetaSealedKeySSEC = "X-Minio-Internal-Server-Side-Encryption-Sealed-Key"

---------------------

The above scenario is representative of most TLS set ups: the client uses certificates to validate
the identity of a server. The converse is also possible. Here we create a server that authenticates
a client and a client that authenticates a server.

```java
// Create the root for client and server to trust. We could also use different roots for each!
HeldCertificate rootCertificate = new HeldCertificate.Builder()

```sh
export MINIO_ROOT_USER=minio
export MINIO_ROOT_PASSWORD=minio13
minio server /data
```

#### Site

```
KEY:
site  label the server and its location

ARGS:
name     (string)    name for the site e.g. "cal-rack0"
region   (string)    name of the location of the server e.g. "us-west-1"
comment  (sentence)  optionally add a comment to this setting
```

or environment variables

| Minimum number of drives per server when server count is 1      | 02            |
| Minimum number of drives per server when server count is 2 or 3 | 01            |
| Minimum number of drives per server when server count is 4      | 01            |
| Maximum number of drives per server                             | no-limit      |
| Read quorum                                                     | N/2           |

     *
     * @return The decrypted server or {@code null}.
     */
    Server getServer();

    /**
     * Gets the decrypted servers.
     *
     * @return The decrypted server, can be empty but never {@code null}.
     */
    List<Server> getServers();

    /**
     * Gets the decrypted proxy. This is a convenience method to retrieve the first element from {@link #getProxies()}.
     *