MinIO supports two different types of server-side encryption ([SSE](#sse)):

- **SSE-C**: The MinIO server en/decrypts an object with a secret key provided by the S3 client as part of the HTTP request headers. Therefore, [SSE-C](#ssec) requires TLS/HTTPS.
- **SSE-S3**: The MinIO server en/decrypts an object with a secret key managed by a KMS. Therefore, MinIO requires a valid KMS configuration for [SSE-S3](#sses3).

### Server-Side Encryption - Preliminaries

        "com.squareup.okhttp3",
        "com.squareup.okhttp3.brotli",
        "com.squareup.okhttp3.dnsoverhttps",
        "com.squareup.okhttp3.logging",
        "com.squareup.okhttp3.sse",
        "com.squareup.okhttp3.tls",
        "com.squareup.okhttp3.urlconnection",
      )

    /** Equinox must also be on the testing classpath.  */
    private const val RESOLVE_OSGI_FRAMEWORK = "org.eclipse.osgi"

  // for version differences
  override fun newSSLContext(): SSLContext =
    // supports TLSv1.3 by default (version api is >= 1.4.0)
    SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val trustManagers =
      TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm())
        .apply {

	MOVD	$(709.78271289338397), F3		// 970f000087b10f00

	// TLS load with local-exec (LUI + ADDIW + ADD of TP + load)
	MOV	tls(SB), X5				// b70f00009b8f0f00b38f4f0083b20f00
	MOVB	tls(SB), X5				// b70f00009b8f0f00b38f4f0083820f00

	// TLS store with local-exec (LUI + ADDIW + ADD of TP + store)
	MOV	X5, tls(SB)				// b70f00009b8f0f00b38f4f0023b05f00
	MOVB	X5, tls(SB)				// b70f00009b8f0f00b38f4f0023805f00

Y debe haber algo encargado de **renovar los certificados HTTPS**, podría ser el mismo componente o algo diferente.

### Herramientas de Ejemplo para HTTPS

Algunas de las herramientas que podrías usar como Proxy de Terminación TLS son:

* Traefik
    * Maneja automáticamente las renovaciones de certificados ✨
* Caddy

cleanup

export MINIO_CI_CD=1
export MINIO_BROWSER=off
export MINIO_ROOT_USER="minio"
export MINIO_ROOT_PASSWORD="minio123"
TEST_MINIO_ENC_KEY="MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDA"

# Create certificates for TLS enabled MinIO
echo -n "Setup certs for MinIO instances ..."
wget -O certgen https://github.com/minio/certgen/releases/latest/download/certgen-linux-amd64 && chmod +x certgen
./certgen --host localhost
mkdir -p /tmp/certs

import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.tls.HandshakeCertificates;
import org.junit.Test;
import org.junit.runner.RunWith;
import javax.net.ssl.SSLHandshakeException;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

    TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(
        keyManagerFactory.getKeyManagers(),
        trustManagerFactory.getTrustManagers(),
        new SecureRandom());

    return sslContext;
  }

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.tls.internal.der

import okio.Buffer
import okio.ByteString

/**
 * Encode and decode a model object like a [Long] or [Certificate] as DER bytes.
 */
internal interface DerAdapter<T> {

	}

	baseTestCases := []TestSuiteCommon{
		// Init and run test on ErasureSD backend with signature v4.
		{serverType: "ErasureSD", signer: signerV4},
		// Init and run test on ErasureSD backend, with tls enabled.
		{serverType: "ErasureSD", signer: signerV4, secure: true},
		// Init and run test on Erasure backend.
		{serverType: "Erasure", signer: signerV4},
		// Init and run test on ErasureSet backend.