if runtime.GOOS != "linux" {
		t.Skip()
	}

	l, err := net.Listen("tcp", "localhost:0") // ask kernel for a free port.
	if err != nil {
		t.Fatal(err)
	}
	defer l.Close()

	port := l.Addr().(*net.TCPAddr).Port

	testCases := []struct {
		host        string
		port        int
		expectedErr error
	}{
		{"", port, fmt.Errorf("listen tcp :%v: bind: address already in use", port)},

	tcpTimeForFirstByteTotalDur uint64
}{}

// RPCStats holds information about the DHCP/TCP metrics and errors
type RPCStats struct {
	Errs uint64

	DialAvgDuration uint64
	TTFBAvgDuration uint64
	DialErrs        uint64
}

// GetRPCStats returns RPC stats, include calls errors and dhcp/tcp metrics
func GetRPCStats() RPCStats {
	s := RPCStats{
		Errs:     atomic.LoadUint64(&globalStats.errs),

After this, the client and the server have an **encrypted TCP connection**, this is what TLS provides. And then they can use that connection to start the actual **HTTP communication**.

And that's what **HTTPS** is, it's just plain **HTTP** inside a **secure TLS connection** instead of a pure (unencrypted) TCP connection.

/// tip

    @DisplayName("hasCapability(cap): returns configured value and captures argument across edge caps")
    void hasCapability_variousCaps_returnsTrue_andCapturesArgument(int cap) throws Exception {
        // Arrange: stub to return true regardless of input
        when(handle.hasCapability(anyInt())).thenReturn(true);

        // Act
        boolean result = handle.hasCapability(cap);

* Шифрование соединения происходит на **уровне TCP**.
    * Это на один уровень **ниже HTTP**.
    * Поэтому **сертификаты и шифрование** обрабатываются **до HTTP**.
* **TCP не знает о «доменах»**. Только об IP-адресах.
    * Информация о **конкретном домене** передаётся в **данных HTTP**.

      app: {{ template "minio.name" . }}
      release: {{ .Release.Name }}
  ingress:
  - toPorts:
    - ports:
      - port: "{{ .Values.minioAPIPort }}"
        protocol: TCP
      - port: "{{ .Values.minioConsolePort }}"
        protocol: TCP
    {{- if not .Values.networkPolicy.allowExternal }}
    fromEndpoints:
    - matchLabels:
        {{ template "minio.name" . }}-client: "true"
    {{- end }}
  egress:

      check(connectState == ConnectState.READY)
      events += "plan $id TCP connecting..."

      taskFaker.sleep(tcpConnectDelayNanos)

      if (yieldBeforeTcpConnectReturns) {
        taskFaker.yield()
      }

      return when {
        tcpConnectThrowable != null -> {
          events += "plan $id TCP connect failed"

Após isso, o cliente e o servidor possuem uma conexão TCP encriptada, que é provida pelo TLS. E então eles podem usar essa conexão para começar a comunicação HTTP propriamente dita.

E isso resume o que é HTTPS, apenas HTTP simples dentro de uma conexão TLS segura em vez de uma conexão TCP pura (não encriptada).

/// tip | Dica

        props.setProperty("jcifs.smb.client.useRDMA", "true");
        props.setProperty("jcifs.smb.client.rdmaProvider", "tcp");

        PropertyConfiguration config = new PropertyConfiguration(props);

        assertTrue(config.isUseRDMA(), "RDMA should be enabled");
        assertEquals("tcp", config.getRdmaProvider(), "Provider should be tcp");
    }

    @Test
    public void testRdmaAutoProvider() throws CIFSException {

/// tip | Tipp

Beachten Sie, dass die Verschlüsselung der Kommunikation auf der **TCP-Ebene** und nicht auf der HTTP-Ebene erfolgt.

///

### HTTPS-Request { #https-request }

Da Client und Server (sprich, der Browser und der TLS-Terminierungsproxy) nun über eine **verschlüsselte TCP-Verbindung** verfügen, können sie die **HTTP-Kommunikation** starten.