Increases the reference count by 1.

Appends `x` to an existing `io.netty.buffer.ByteBuf`.

Creates a default config for Application-Layer Protocol Negotiation (ALPN),
which TLS uses to negotiate which HTTP version to use during the handshake.

Takes a vector of HTTP versions, in order of preference. E.g., `[:http2 :http1]`

Note that the returned config uses `SelectorFailureBehavior.NO_ADVERTISE`[1] and
`SelectedListenerFailureBehavior.ACCEPT`[2] since these are the only failure behaviors
supported by all SSL providers. See their documentation for details. One important
consequence of this is that it's not possible to completely opt out of HTTP/1.1 by way of
only specifying `[:http2]`. If you want this behavior and you know your SSL provider supports
it, you can construct an `ApplicationProtocolConfig` with the desired settings yourself.

1: https://netty.io/4.1/api/io/netty/handler/ssl/ApplicationProtocolConfig.SelectorFailureBehavior.html#NO_ADVERTISE
2: https://netty.io/4.1/api/io/netty/handler/ssl/ApplicationProtocolConfig.SelectedListenerFailureBehavior.html#ACCEPT

Netty's default connect timeout in milliseconds.

Netty's default timeout in seconds to wait for graceful shutdown complete

Creates an instance of DnsAddressResolverGroup that might be set as a resolver to
Bootstrap. The supported options are the same as to `dns-resolver-group-builder`.

Creates an instance of DnsAddressResolverGroupBuilder that is used to
configure and initialize an DnsAddressResolverGroup instance.

DNS options are a map of:

Param key                   | Description
| ---                       | ---
| `max-payload-size`        | sets capacity of the datagram packet buffer (in bytes), defaults to `4096`
| `max-queries-per-resolve` | sets the maximum allowed number of DNS queries to send when resolving a host name, defaults to `16`
| `address-types`           | sets the list of the protocol families of the address resolved, should be one of `:ipv4-only`, `:ipv4-preferred`, `:ipv6-only`, `:ipv4-preferred`  (calculated automatically based on ipv4/ipv6 support when not set explicitly)
| `query-timeout`           | sets the timeout of each DNS query performed by this resolver (in milliseconds), defaults to `5000`
| `min-ttl`                 | sets minimum TTL of the cached DNS resource records (in seconds), defaults to `0`
| `max-ttl`                 | sets maximum TTL of the cached DNS resource records (in seconds), defaults to `Integer/MAX_VALUE` (the resolver will respect the TTL from the DNS)
| `negative-ttl`            | sets the TTL of the cache for the failed DNS queries (in seconds)
| `trace-enabled?`          | if set to `true`, the resolver generates the detailed trace information in an exception message, defaults to `false`
| `opt-resources-enabled?`  | if set to `true`, enables the automatic inclusion of a optional records that tries to give the remote DNS server a hint about how much data the resolver can read per response, defaults to `true`
| `search-domains`          | sets the list of search domains of the resolver, when not given the default list is used (platform dependent)
| `ndots`                   | sets the number of dots which must appear in a name before an initial absolute query is made, defaults to `-1`
| `decode-idn?`             | set if domain / host names should be decoded to unicode when received, defaults to `true`
| `recursion-desired?`      | if set to `true`, the resolver sends a DNS query with the RD (recursion desired) flag set, defaults to `true`
| `name-servers`            | optional list of DNS server addresses, automatically discovered when not set (platform dependent)
| `transport`               | the transport to use, one of `:nio`, `:epoll`, `:kqueue` or `:io-uring` (defaults to `:nio`)

An insecure client SSL context.

Returns a ChannelInitializer which builds the pipeline.

`pipeline-builder` is a 1-ary fn that takes a ChannelPipeline and
configures it.

Decreases the reference count by 1 and deallocates this object if the reference count reaches at 0.

Convenience function to remove a handler from a netty pipeline.

A self-signed SSL context for servers.

Never use in production. Even if you control all clients, and want to use
a self-signed cert internally, do not use this fn, because Netty's
SelfSignedCertificate class is only for testing, and uses an insecure PRNG.

Changes the default logger factory.
The parameter can be either `:log4j`, `:log4j2`, `:slf4j` or `:jdk`.

Creates a new client SSL context.
Keyword arguments are:

| Param key                     | Description
| ---                           | ---
| `private-key`                 | A `java.io.File`, `java.io.InputStream`, or `java.security.PrivateKey` containing the client-side private key.
| `certificate-chain`           | A `java.io.File`, `java.io.InputStream`, sequence of `java.security.cert.X509Certificate`, or array of `java.security.cert.X509Certificate` containing the client's certificate chain.
| `private-key-password`        | A string, the private key's password (optional).
| `trust-store`                 | A `java.io.File`, `java.io.InputStream`, array of `java.security.cert.X509Certificate`, `javax.net.ssl.TrustManager`, or a `javax.net.ssl.TrustManagerFactory` to initialize the context's trust manager.
| `ssl-provider`                | `SslContext` implementation to use, one of `:jdk`, `:openssl` or `:openssl-refcnt`. Note, that when using OpenSSL-based implementations, the library should be installed and linked properly.
| `ciphers`                     | A sequence of strings, the cipher suites to enable, in the order of preference.
| `protocols`                   | A sequence of strings, the TLS protocol versions to enable.
| `session-cache-size`          | The size of the cache used for storing SSL session objects.
| `session-timeout`             | The timeout for the cached SSL session objects, in seconds.
| `application-protocol-config` | An `ApplicationProtocolConfig` instance to configure ALPN. See the `application-protocol-config` function.

Note that if specified, the types of `private-key` and `certificate-chain`
must be compatible: either both input streams, both files, or a private key
and an array of certificates.

Generates a new SslHandler for the given SslContext.

The 2-ary version is for servers.

The 3- and 4-ary versions are for clients. For these, the `remote-address`
must be provided.

The `ssl-endpoint-id-alg` is the name of the algorithm to use for endpoint
identification (see https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html#endpoint-identification-algorithms).
It defaults to "HTTPS" in the 3-ary version which is a reasonable default
for non-HTTPS uses, too. Pass `nil` to disable endpoint identification.

Creates a new server SSL context.
Keyword arguments are:

Param key                       | Description
| ---                           | ---
| `private-key`                 | A `java.io.File`, `java.io.InputStream`, or `java.security.PrivateKey` containing the server-side private key.
| `certificate-chain`           | A `java.io.File`, `java.io.InputStream`, or array of `java.security.cert.X509Certificate` containing the server's certificate chain.
| `private-key-password`        | A string, the private key's password (optional).
| `trust-store`                 | A `java.io.File`, `java.io.InputStream`, sequence of `java.security.cert.X509Certificate`,  array of `java.security.cert.X509Certificate`, `javax.net.ssl.TrustManager`, or a `javax.net.ssl.TrustManagerFactory` to initialize the context's trust manager.
| `ssl-provider`                | `SslContext` implementation to use, on of `:jdk`, `:openssl` or `:openssl-refcnt`. Note, that when using OpenSSL based implementations, the library should be installed and linked properly.
| `ciphers`                     | A sequence of strings, the cipher suites to enable, in the order of preference.
| `protocols`                   | A sequence of strings, the TLS protocol versions to enable.
| `session-cache-size`          | The size of the cache used for storing SSL session objects.
| `session-timeout`             | The timeout for the cached SSL session objects, in seconds.
| `start-tls`                   | If the first write request shouldn't be encrypted.
| `client-auth`                 | The client authentication mode, one of `:none`, `:optional` or `:require`.
| `application-protocol-config` | An `ApplicationProtocolConfig` instance to configure ALPN. See the `application-protocol-config` function.`

Note that if specified, the types of `private-key` and `certificate-chain` must be "compatible": either
both input streams, both files, or a private key and an array of certificates.

Converts `x` into a `io.netty.buffer.ByteBuf`.

Converts `x` into a manifold stream of `io.netty.ByteBuf` of `chunk-size`.