echo "BUG: Etags dont match for 'mpartobj'. Source: ${SRC_OBJ_2_ETAG}, Destination: ${DEST_OBJ_2_ETAG}"
	exit_1
fi

echo "Set default encryption on "

# test if checksum header is replicated for encrypted objects
# Enable SSE KMS for test-bucket bucket
./mc encrypt set sse-kms minio-default-key minio1/test-bucket --insecure

# Load objects to source site with checksum header

Der Client sendet also einen **HTTPS-Request**. Das ist einfach ein HTTP-Request über eine verschlüsselte TLS-Verbindung.

<img src="/img/deployment/https/https04.drawio.svg">

### Den Request entschlüsseln { #decrypt-the-request }

    public static final int ACB_PWNOEXP = 512;
    /** Account control bit flag: Account is auto-locked */
    public static final int ACB_AUTOLOCK = 1024;
    /** Account control bit flag: Encrypted text password is allowed */
    public static final int ACB_ENC_TXT_PWD_ALLOWED = 2048;
    /** Account control bit flag: Smart card is required for login */
    public static final int ACB_SMARTCARD_REQUIRED = 4096;

    public static final int ACB_PWNOEXP = 512;
    /** Account control bit flag: Account is auto-locked */
    public static final int ACB_AUTOLOCK = 1024;
    /** Account control bit flag: Encrypted text password is allowed */
    public static final int ACB_ENC_TXT_PWD_ALLOWED = 2048;
    /** Account control bit flag: Smart card is required for login */
    public static final int ACB_SMARTCARD_REQUIRED = 4096;

Dolayısıyla client bir **HTTPS request** gönderir. Bu, şifreli bir TLS bağlantısı üzerinden giden bir HTTP request’tir.

<img src="/img/deployment/https/https04.drawio.svg">

### Request’in Şifresini Çözme { #decrypt-the-request }

	sseS3 := crypto.S3.IsEncrypted(objInfo.UserDefined)
	if !sseKMS && !sseS3 { // neither sse-s3 nor sse-kms disallowed
		return errInvalidEncryptionParameters
	}
	if sseKMS && r.Encryption.Type == sses3 { // previously encrypted with sse-kms, now sse-s3 disallowed
		return errInvalidEncryptionParameters
	}
	versioned := globalBucketVersioningSys.PrefixEnabled(srcBucket, srcObject)

Клиент отправляет **HTTPS‑запрос**. Это обычный HTTP‑запрос через зашифрованное TLS‑соединение.

<img src="/img/deployment/https/https04.drawio.svg">

### Расшифровка запроса { #decrypt-the-request }

     */
    public void setWorkstation(final String workstation) {
        this.workstation = workstation;
    }

    /**
     * The real session key if the regular session key is actually
     * the encrypted version used for key exchange.
     *
     * @return A <code>byte[]</code> containing the session key.
     */
    public byte[] getMasterKey() {
        return masterKey;
    }

    /**

現在用戶端與伺服器（更精確地說，是瀏覽器與 TLS 終止代理）之間已有**加密的 TCP 連線**，他們可以開始進行 **HTTP** 通訊。

因此，用戶端送出一個 **HTTPS 請求**。它其實就是透過加密的 TLS 連線發送的一個 HTTP 請求。

<img src="/img/deployment/https/https04.drawio.svg">

### 解密請求 { #decrypt-the-request }

TLS 終止代理會依照先前協商的方式**解密請求**，並將**純（已解密）的 HTTP 請求**轉交給運行應用的行程（例如以 Uvicorn 執行的 FastAPI 應用行程）。

<img src="/img/deployment/https/https05.drawio.svg">

### HTTP 回應 { #http-response }

现在客户端和服务器（特别是浏览器和 TLS 终止代理）具有 **加密的 TCP 连接**，它们可以开始 **HTTP 通信**。

接下来，客户端发送一个 **HTTPS 请求**。 这其实只是一个通过 TLS 加密连接的 HTTP 请求。

<img src="/img/deployment/https/https04.drawio.svg">

### 解密请求 { #decrypt-the-request }

TLS 终止代理将使用协商好的加密算法**解密请求**，并将**（解密的）HTTP 请求**传输到运行应用程序的进程（例如运行 FastAPI 应用的 Uvicorn 进程）。

<img src="/img/deployment/https/https05.drawio.svg">

### HTTP 响应 { #http-response }