*/
    public void setWorkstation(final String workstation) {
        this.workstation = workstation;
    }

    /**
     * The real session key if the regular session key is actually
     * the encrypted version used for key exchange.
     *
     * @return A <code>byte[]</code> containing the session key.
     */
    public byte[] getMasterKey() {
        return masterKey;
    }

    /**

  }

  /** Test which headers are sent unencrypted to the HTTP proxy.  */
  @Test
  fun proxyConnectOmitsApplicationHeaders() {
    server.useHttps(handshakeCertificates.sslSocketFactory())
    server.enqueue(
      MockResponse
        .Builder()
        .inTunnel()
        .build(),
    )
    server.enqueue(
      MockResponse(body = "encrypted response from the origin server"),
    )

	WantServerSideChecksumType hash.ChecksumType // if set, we compute a server-side checksum of this type

	NoDecryption                        bool      // indicates if the stream must be decrypted.
	PreserveETag                        string    // preserves this etag during a PUT call.
	NoLock                              bool      // indicates to lower layers if the caller is expecting to hold locks.

                // SECURITY WARNING: Unsecure basic authentication is enabled by default.
                // This sends credentials in Base64 encoding over potentially unencrypted connections.
                // For production, it is STRONGLY RECOMMENDED to set spnego.allow.unsecure.basic to false
                // and use HTTPS or more secure authentication methods.

		}
		if sse, err = encrypt.NewSSEC(clientKey[:]); err != nil {
			return opts, err
		}
		opts.ServerSideEncryption = sse
		return opts, err
	}
	if crypto.S3.IsRequested(header) || (metadata != nil && crypto.S3.IsEncrypted(metadata)) {
		opts.ServerSideEncryption = encrypt.NewSSE()
	}

	return opts, err
}

// get ObjectOptions for GET calls from encryption headers

				"application/oebps-package+xml",
				"application/ogg",
				"application/kate",
				"application/onenote",
				"application/parityfec",
				"application/patch-ops-error+xml",
				"application/pgp-encrypted",
				"application/pgp-keys",
				"application/pgp-signature",
				"application/pics-rules",
				"application/pidf+xml",
				"application/pidf-diff+xml",
				"application/pkcs10",
				"application/pkcs7-mime",

		Dsc:                  dsc,
		ExistingObjResync:    existingObjResync,
		TargetStatuses:       tgtStatuses,
		TargetPurgeStatuses:  purgeStatuses,
		ReplicationTimestamp: tm,
		SSEC:                 crypto.SSEC.IsEncrypted(oi.UserDefined),
		UserTags:             oi.UserTags,
	}
	if r.SSEC {
		r.Checksum = oi.Checksum
	}
	return r
}

      MockResponse
        .Builder()
        .inTunnel()
        .build(),
    )
    server.enqueue(MockResponse(body = "encrypted response from the origin server"))
    client =
      client
        .newBuilder()
        .proxy(server.proxyAddress)
        .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(),
          handshakeCertificates.trustManager,

    /** Queries field name. */
    public static final String QUERIES = "queries";

    /** Virtual hosts field name. */
    public static final String VIRTUAL_HOSTS = "virtualHosts";

    /** Prefix for encrypted/ciphered values. */
    public static final String CIPHER_PREFIX = "{cipher}";

    /** System user identifier. */
    public static final String SYSTEM_USER = "system";

    /** Empty user ID placeholder. */

  * More reliable kube-up/kube-down
  * Enable ICMP Type 3 Code 4 for ELBs
  * ARP caching fix
  * Use /dev/xvdXX names
  * ELB:
    * ELB proxy protocol support 
	* mixed plaintext/encrypted ports support in ELBs
    * SSL support for ELB listeners
  * Allow VPC CIDR to be specified (experimental)
  * Fix problems with >2 security groups
* GCP:
  * Enable using gcr.io as a Docker registry mirror.