* Nginx
* HAProxy

## Let's Encrypt

Vor Let's Encrypt wurden diese **HTTPS-Zertifikate** von vertrauenswürdigen Dritten verkauft.

Der Prozess zum Erwerb eines dieser Zertifikate war früher umständlich, erforderte viel Papierarbeit und die Zertifikate waren ziemlich teuer.

Aber dann wurde **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>** geschaffen.

* Nginx
* HAProxy

## Let's Encrypt

Antes de Let's Encrypt, esses **certificados HTTPS** eram vendidos por terceiros confiáveis.

O processo de aquisição de um desses certificados costumava ser complicado, exigia bastante papelada e os certificados eram bastante caros.

Mas então o **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>** foi criado.

            j = j + key[ki + i % klen] + s[i] & 0xff;
            final byte t = s[i];
            s[i] = s[j];
            s[j] = t;
        }

        i = j = 0;
    }

    /**
     * Encrypts or decrypts data using the RC4 stream cipher.
     * Since RC4 is a stream cipher, the same operation is used for both encryption and decryption.
     *
     * @param src the source data array

	"File":             true,
	"Policy":           true,

	// MinIO specific exceptions to the general S3 rule above.
	encrypt.SseKmsKeyID:          true,
	encrypt.SseEncryptionContext: true,
	encrypt.SseCustomerAlgorithm: true,
	encrypt.SseCustomerKey:       true,
	encrypt.SseCustomerKeyMD5:    true,
}

// checkPostPolicy - apply policy conditions and validate input values.

			if err != nil {
				return
			}
			if sse, err = encrypt.NewSSEC(clientKey[:]); err != nil {
				return
			}
			opts.ServerSideEncryption = encrypt.SSECopy(sse)
			return
		}
		return
	}

	if crypto.SSEC.IsRequested(header) {
		clientKey, err = crypto.SSEC.ParseHTTP(header)
		if err != nil {
			return
		}
		if sse, err = encrypt.NewSSEC(clientKey[:]); err != nil {
			return
		}

## Let's Encrypt

Avant Let's Encrypt, ces certificats HTTPS étaient vendus par des tiers de confiance.

Le processus d'acquisition d'un de ces certificats était auparavant lourd, nécessitait pas mal de paperasses et les certificats étaient assez chers.

Mais ensuite, <a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a> a été créé.

It is not very popular or used nowadays.

OAuth2 doesn't specify how to encrypt the communication, it expects you to have your application served with HTTPS.

/// tip

In the section about **deployment** you will see how to set up HTTPS for free, using Traefik and Let's Encrypt.

///

## OpenID Connect { #openid-connect }

Он поддерживает множество безопасных алгоритмов хеширования и утилит для работы с ними.

Рекомендуемый алгоритм - "Bcrypt".

Убедитесь, что вы создали и активировали виртуальное окружение, и затем установите PassLib вместе с Bcrypt:

<div class="termy">

```console
$ pip install "passlib[bcrypt]"

---> 100%
```

</div>

/// tip | Подсказка

# specific language governing permissions and limitations
# under the License.

# -----------------------------------------------------------------------------
# Apache Maven Encrypt Script
#
# Environment Variable Prerequisites
#
#   JAVA_HOME           (Optional) Points to a Java installation.
#   MAVEN_OPTS          (Optional) Java runtime options used when Maven is executed.

# specific language governing permissions and limitations
# under the License.

# -----------------------------------------------------------------------------
# Apache Maven Encrypt Script
#
# Environment Variable Prerequisites
#
#   JAVA_HOME           (Optional) Points to a Java installation.
#   MAVEN_OPTS          (Optional) Java runtime options used when Maven is executed.