Reduce unnecessary connection-rebuilding for Juniper
The current oNCP (Juniper) protocol support sets "Connection: close" in all HTTP requests. This is not ideal because it requires many TLS handshakes and round-trips, making the connection very slow to start when the latency of the connection to the gateway is high, especially if the number of authentication forms and redirects is large. Simply removing the "Connection: close" header causes the oNCP connection to fail; the server doesn't interpret the first packet sent over the oNCP tunnel correctly (the vestigial authentication packet). However, it appears that the "Connection: close" header *only* needs to be specified for this final HTTP request, and not for any of the prior ones. The presence of this header seems to signal to the gateway that it should stop treating this as an HTTP connection, and start treating it as an oNCP tunnel. Tested on two different Juniper gateways, one which returns "NCP-Version: 2" and one which returns "NCP-Version: 3" in response to the oNCP negotiation requests.
Showing with 14 additions and 1 deletion