你可以用作 TLS 终止代理的一些选项包括：

* Traefik（也可以处理证书更新）
* Caddy（也可以处理证书更新）
* Nginx
* HAProxy

## Let's Encrypt

在 Let's Encrypt 之前，这些 **HTTPS 证书** 由受信任的第三方出售。

过去，获得这些证书的过程非常繁琐，需要大量的文书工作，而且证书非常昂贵。

但随后 **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>** 创建了。

它是 Linux 基金会的一个项目。 它以自动方式免费提供 **HTTPS 证书**。 这些证书可以使用所有符合标准的安全加密，并且有效期很短（大约 3 个月），因此**安全性实际上更好**，因为它们的生命周期缩短了。

pkg crypto, method (Hash) String() string
pkg crypto/ecdsa, func SignASN1(io.Reader, *PrivateKey, []uint8) ([]uint8, error)
pkg crypto/ecdsa, func VerifyASN1(*PublicKey, []uint8, []uint8) bool
pkg crypto/ecdsa, method (*PrivateKey) Equal(crypto.PrivateKey) bool
pkg crypto/ecdsa, method (*PublicKey) Equal(crypto.PublicKey) bool
pkg crypto/ed25519, method (PrivateKey) Equal(crypto.PrivateKey) bool

	AmzFwdHeaderSSE                   = "x-amz-fwd-header-x-amz-server-side-encryption"
	AmzFwdHeaderSSEC                  = "x-amz-fwd-header-x-amz-server-side-encryption-customer-algorithm"
	AmzFwdHeaderSSEKMSID              = "x-amz-fwd-header-x-amz-server-side-encryption-aws-kms-key-id"
	AmzFwdHeaderSSECMD5               = "x-amz-fwd-header-x-amz-server-side-encryption-customer-key-MD5"

import org.apache.maven.api.cli.ParserException;
import org.apache.maven.api.cli.ParserRequest;

/**
 * Defines the contract for parsing encryption-related command-line arguments and creating an EncryptInvokerRequest.
 * This interface extends the general {@link Parser} interface, specializing it for encryption operations.
 *
 * @since 4.0.0
 */
@Experimental
public interface EncryptParser extends Parser<EncryptInvokerRequest> {
    /**

- **Removing a site** is not allowed from a set of replicated sites once configured.
- All sites must be using the **same** external IDP(s) if any.

	// SSE-C errors
	{err: crypto.ErrInvalidCustomerAlgorithm, errCode: ErrInvalidSSECustomerAlgorithm},
	{err: crypto.ErrMissingCustomerKey, errCode: ErrMissingSSECustomerKey},
	{err: crypto.ErrInvalidCustomerKey, errCode: ErrAccessDenied},
	{err: crypto.ErrMissingCustomerKeyMD5, errCode: ErrMissingSSECustomerKeyMD5},
	{err: crypto.ErrCustomerKeyMD5Mismatch, errCode: ErrSSECustomerKeyMD5Mismatch},

import jcifs.smb.SmbTransportInternal;


/**
 * This servlet Filter can be used to negotiate password hashes with
 * MSIE clients using NTLM SSP. This is similar to <tt>Authentication:
 * BASIC</tt> but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> for
 * complete details.
 * 

pkg crypto/tls, const QUICResumeSession = 8 #63691
pkg crypto/tls, const QUICResumeSession QUICEventKind #63691
pkg crypto/tls, const QUICStoreSession = 9 #63691
pkg crypto/tls, const QUICStoreSession QUICEventKind #63691
pkg crypto/tls, method (*ECHRejectionError) Error() string #63369
pkg crypto/tls, method (*QUICConn) StoreSession(*SessionState) error #63691

pkg crypto/tls, const QUICEncryptionLevelHandshake QUICEncryptionLevel #44886
pkg crypto/tls, const QUICEncryptionLevelInitial = 0 #44886
pkg crypto/tls, const QUICEncryptionLevelInitial QUICEncryptionLevel #44886
pkg crypto/tls, const QUICHandshakeDone = 7 #44886
pkg crypto/tls, const QUICHandshakeDone QUICEventKind #44886
pkg crypto/tls, const QUICNoEvent = 0 #44886
pkg crypto/tls, const QUICNoEvent QUICEventKind #44886

pkg crypto/tls, const PKCS1WithSHA256 = 1025
pkg crypto/tls, const PKCS1WithSHA256 SignatureScheme
pkg crypto/tls, const PKCS1WithSHA384 = 1281
pkg crypto/tls, const PKCS1WithSHA384 SignatureScheme
pkg crypto/tls, const PKCS1WithSHA512 = 1537
pkg crypto/tls, const PKCS1WithSHA512 SignatureScheme
pkg crypto/tls, const PSSWithSHA256 = 2052
pkg crypto/tls, const PSSWithSHA256 SignatureScheme
pkg crypto/tls, const PSSWithSHA384 = 2053