David Woodhouse dwmw2 at
Mon Sep 8 05:50:25 PDT 2014

On Mon, 2014-09-08 at 15:43 +0400, Alexander Rumyantsev wrote:
> I ran into a situation when my proxy sends "Connection: close" while
> trying to authenticate in spite of openconnect’s "Connection:
> keep-alive" request.
> Openconnect first receives HTTP 407 Authentication Required for
> parsing available auth methods, then tries to send a request with the
> Proxy-Authorization header within the closing connection and we get "Error
> fetching HTTPS response".
> Openconnect has either to send "Proxy-Authorization" immediately, or
> to handle "Connection: close".

Hopefully the latter is fixed already by

There is possibly still merit in exploring the option of sending
Proxy-Authentication immediately, to reduce the latency of OpenConnect
(re)opening connections.

I'd like to see it be a little less of a hack though. Let's start with
making it work for the second and subsequent connections, having
'learned' the authentication options the first time — and *then* let's
look at "jump-starting" it from the command line.

If we've made a successful authentication by a given method then we
ought to go straight to using that method on the next connection
attempt. And even if it's Digest, we should be looking for a
Proxy-Authenticate-Info: which will tell us the *next* nonce so we can
even do authentication straight away for Digest auth.
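
An added example, not part of this message and not OpenConnect's own code: the two checks discussed in this thread, written in C. `must_reconnect` reports whether a 407 response announced `Connection: close`, so the authenticated retry needs a fresh connection, and `get_nextnonce` extracts the `nextnonce` value from the header that RFC 7615 names `Proxy-Authentication-Info`. The function names and both sample responses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample header blocks, not captured traffic. */
static const char RESP_407[] = "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Proxy-Authenticate: Digest realm=\"proxy\", nonce=\"abc123\"\r\n"
    "Connection: close\r\n\r\n";
static const char RESP_200[] = "HTTP/1.1 200 Connection established\r\n"
    "Proxy-Authentication-Info: nextnonce=\"def456\"\r\n\r\n";

/* Value of header `name` (case-insensitive) in a CRLF header block, or NULL. */
static const char *find_header(const char *p, const char *name) {
    size_t n = strlen(name);
    while (p && *p) {
        if (!strncasecmp(p, name, n) && p[n] == ':') {
            for (p += n + 1; *p == ' ' || *p == '\t'; p++) ;
            return p;
        }
        if ((p = strstr(p, "\r\n"))) p += 2;   /* skip to the next header line */
    }
    return NULL;
}

/* 1 if the proxy said it will close; assumes a single-token header value. */
int must_reconnect(const char *hdrs) {
    const char *v = find_header(hdrs, "Connection");
    if (!v) v = find_header(hdrs, "Proxy-Connection");
    return v && !strncasecmp(v, "close", 5);
}

/* Copy nextnonce="..." into out; 0 on success, -1 if absent or too long. */
int get_nextnonce(const char *hdrs, char *out, size_t outlen) {
    const char *v = find_header(hdrs, "Proxy-Authentication-Info");
    const char *q = v ? strstr(v, "nextnonce=\"") : NULL;
    const char *eol = v ? strstr(v, "\r\n") : NULL;
    const char *end = q ? strchr(q + 11, '"') : NULL;
    if (!end || (eol && end > eol) || (size_t)(end - (q + 11)) >= outlen) return -1;
    memcpy(out, q + 11, end - (q + 11));
    out[end - (q + 11)] = '\0';
    return 0;
}

int main(void) {
    char nonce[64] = "";
    get_nextnonce(RESP_200, nonce, sizeof nonce);
    printf("reconnect=%d nextnonce=%s\n", must_reconnect(RESP_407), nonce);
    return 0;
}
```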

