All methods ignore the signature authentication of the server response package, that is, only the request is encrypted with a self-signed certificate.
Example.key and example.crt are derived from. Use the pfx file of openssl (if pfx has a password, it will prompt for it):