mountPath: {{ $casPath }} {{- end }} {{- end -}} {{/* Formats volume for MinIO TLS keys and trusted certs */}} {{- define "minio.tlsKeysVolume" -}} {{- if .Values.tls.enabled }} - name: cert-secret-volume secret: secretName: {{ tpl .Values.tls.certSecret $ }} items: - key: {{ .Values.tls.publicCrt }} path: public.crt - key: {{ .Values.tls.privateKey }} path: private.key {{- end }} {{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} {{- $certSecret := eq .Values.trustedCertsSecret "" | ternary...

mountPath: {{ $casPath }} {{- end }} {{- end -}} {{/* Formats volume for MinIO TLS keys and trusted certs */}} {{- define "minio.tlsKeysVolume" -}} {{- if .Values.tls.enabled }} - name: cert-secret-volume secret: secretName: {{ tpl .Values.tls.certSecret $ }} items: - key: {{ .Values.tls.publicCrt }} path: public.crt - key: {{ .Values.tls.privateKey }} path: private.key {{- end }} {{- if or .Values.tls.enabled (ne .Values.trustedCertsSecret "") }} {{- $certSecret := eq .Values.trustedCertsSecret "" | ternary...

Esse interação entre o cliente e o servidor para estabelecer uma conexão TLS é chamada de Handshake TLS.

### TLS com a Extensão SNI { #tls-with-sni-extension }

Apenas um processo no servidor pode se conectar a uma porta em um endereço IP. Poderiam existir outros processos conectados em outras portas desse mesmo endereço IP, mas apenas um para cada combinação de endereço IP e porta.

TLS (HTTPS) usa a porta `443` por padrão. Então essa é a porta que precisamos.

pkg crypto/tls, method (*Dialer) Dial(string, string) (net.Conn, error)
pkg crypto/tls, method (*Dialer) DialContext(context.Context, string, string) (net.Conn, error)
pkg crypto/tls, method (ClientAuthType) String() string
pkg crypto/tls, method (CurveID) String() string
pkg crypto/tls, method (SignatureScheme) String() string
pkg crypto/tls, type Config struct, VerifyConnection func(ConnectionState) error

package config

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"os"

	"github.com/minio/pkg/v3/env"
)

// EnvCertPassword is the environment variable which contains the password used
// to decrypt the TLS private key. It must be set if the TLS private key is
// password protected.
const EnvCertPassword = "MINIO_CERT_PASSWD"

```bash
kubectl create secret generic tls-ssl-minio --from-file=path/to/private.key --from-file=path/to/public.crt
```

Then install the chart, specifying that you want to use the TLS secret:

```bash
helm install --set tls.enabled=true,tls.certSecret=tls-ssl-minio minio/minio
```

### Installing certificates from third party CAs

{{- end }}
{{- end -}}

{{/*
Formats volume for MinIO TLS keys and trusted certs
*/}}
{{- define "minio.tlsKeysVolume" -}}
{{- if .Values.tls.enabled }}
- name: cert-secret-volume
  secret:
    secretName: {{ tpl .Values.tls.certSecret $ }}
    items:
    - key: {{ .Values.tls.publicCrt }}
      path: public.crt
    - key: {{ .Values.tls.privateKey }}
      path: private.key
{{- end }}

--------

```kotlin
implementation("com.squareup.okhttp3:okhttp-tls:5.3.0")
```

 [held_certificate]: https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-held-certificate/
 [held_certificate_builder]: https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-held-certificate/-builder/
 [handshake_certificates]: https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/

  id("com.vanniktech.maven.publish.base")
  id("binary-compatibility-validator")
  id("ru.vyarus.animalsniffer")
}

project.applyOsgi(
  "Export-Package: okhttp3.tls",
  "Bundle-SymbolicName: com.squareup.okhttp3.tls"
)

project.applyJavaModules("okhttp3.tls")

dependencies {
  api(libs.squareup.okio)
  "friendsImplementation"(projects.okhttp)
  compileOnly(libs.animalsniffer.annotations)

		}
		dialer.TLSConfig = tls

		conn, br, _, err := dialer.Dial(ctx, toDial)
		if br != nil {
			ws.PutReader(br)
		}
		return conn, err
	}
}

// ConnectWS returns a function that dials a websocket connection to the given address.
// Route and auth are added to the connection.