Después de esto, el cliente y el servidor tienen una **conexión TCP encriptada**, esto es lo que proporciona TLS. Y luego pueden usar esa conexión para iniciar la comunicación **HTTP real**.

Y eso es lo que es **HTTPS**, es simplemente HTTP simple **dentro de una conexión TLS segura** en lugar de una conexión TCP pura (sin encriptar).

/// tip | Consejo

      with:
        path: ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ matrix.go }}-${{ hashFiles('tests/go.mod') }}

    - name: Tests
      run: GITHUB_ACTION=true GORM_DIALECT=mysql GORM_DSN="gorm:gorm@tcp(localhost:9910)/gorm?charset=utf8&parseTime=True" ./tests/tests_all.sh

  mariadb:
    strategy:
      matrix:
        dbversion: [ 'mariadb:latest' ]
        go: ['1.24', '1.25']
        platform: [ ubuntu-latest ]

# Reduce CPU utilization
net.ipv4.tcp_timestamps=0

# Increase throughput
net.ipv4.tcp_sack=1

# Low latency mode for TCP
net.ipv4.tcp_low_latency=1

# The following variable is used to tell the kernel how 
# much of the socket buffer space should be used for TCP 
# window size, and how much to save for an application buffer.
net.ipv4.tcp_adv_win_scale=1

# disable RFC2861 behavior

        if (connectResult == null) {
          connectResult = awaitTcpConnect(awaitTimeoutNanos, TimeUnit.NANOSECONDS) ?: continue
        }

        if (connectResult.isSuccess) {
          // We have a connected TCP connection. Cancel and defer the racing connects that all lost.
          cancelInFlightConnects()

          // Finish connecting. We won't have to if the winner is from the connection pool.

type Server struct {
	http.Server
	Addrs         []string      // addresses on which the server listens for new connection.
	TCPOptions    TCPOptions    // all the configurable TCP conn specific configurable options.
	listenerMutex sync.Mutex    // to guard 'listener' field.
	listener      *httpListener // HTTP listener for all 'Addrs' field.

		}

		if net.ParseIP(host) != nil {
			// For IP only setups there is no need for DNS lookups.
			return baseDialCtx(ctx, "tcp", addr)
		}

		ips, err := lookupHost(ctx, host)
		if err != nil {
			return nil, err
		}

		for _, ip := range ips {
			conn, err = baseDialCtx(ctx, "tcp", net.JoinHostPort(ip, port))
			if err == nil {
				break
			}
		}

		return conn, err
	}

  loadBalancerIP: {{ .Values.consoleService.loadBalancerIP }}
  {{- end }}
  ports:
    - name: {{ $scheme }}
      port: {{ .Values.consoleService.port }}
      protocol: TCP
      {{- if (and (eq .Values.consoleService.type "NodePort") ( .Values.consoleService.nodePort)) }}
      nodePort: {{ .Values.consoleService.nodePort }}
      {{- else }}
      targetPort: {{ .Values.minioConsolePort }}

import java.net.SocketAddress;
import jnr.unixsocket.UnixSocket;
import jnr.unixsocket.UnixSocketAddress;
import jnr.unixsocket.UnixSocketChannel;

/**
 * Subtype UNIX socket for a higher-fidelity impersonation of TCP sockets. This is named "tunneling"
 * because it assumes the ultimate destination has a hostname and port.
 */
final class TunnelingUnixSocket extends UnixSocket {
  private final File path;

  loadBalancerIP: {{ default "" .Values.service.loadBalancerIP | quote }}
  {{- end }}
  ports:
    - name: {{ $scheme }}
      port: {{ .Values.service.port }}
      protocol: TCP
      {{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
      nodePort: {{ .Values.service.nodePort }}
      {{- else }}
      targetPort: {{ .Values.minioAPIPort }}
      {{- end }}

				}
			})
			return nil
		},
	}

	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
	defer cancel()

	l, err := lc.Listen(ctx, "tcp", net.JoinHostPort(host, port))
	if err != nil {
		return err
	}

	// As we are able to listen on this network, the port is not in use.
	// Close the listener and continue check other networks.
	return l.Close()