• Daniel Lenski's avatar
    Reduce unnecessary connection-rebuilding for Juniper · 46de5eee
    Daniel Lenski authored
    The current oNCP (Juniper) protocol support sets "Connection: close" in all
    HTTP requests.  This is not ideal because it requires many TLS handshakes
    and round-trips, making the connection very slow to start when the latency
    of the connection to the gateway is high, especially if the number of
    authentication forms and redirects is large.
    
    Simply removing the "Connection: close" header causes the oNCP connection
    to fail; the server doesn't interpret the first packet sent over the oNCP
    tunnel correctly (the vestigial authentication packet).
    
    However, it appears that the "Connection: close" header *only* needs to be
    specified for this final HTTP request, and not for any of the prior ones.
    The presence of this header seems to signal to the gateway that it should
    stop treating this as an HTTP connection, and start treating it as an
    oNCP tunnel.
    
    Tested on two different Juniper gateways, one which returns
    "NCP-Version: 2" and one which returns "NCP-Version: 3" in response to
    the oNCP negotiation requests.
    46de5eee
Name
Last commit
Last update
android Loading commit data...
java Loading commit data...
m4 Loading commit data...
po Loading commit data...
tests Loading commit data...
www Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
AUTHORS Loading commit data...
COPYING.LGPL Loading commit data...
Makefile.am Loading commit data...
README.DTLS Loading commit data...
README.TESTS Loading commit data...
TODO Loading commit data...
acinclude.m4 Loading commit data...
auth-common.c Loading commit data...
auth-globalprotect.c Loading commit data...
auth-juniper.c Loading commit data...
auth.c Loading commit data...
autogen.sh Loading commit data...
compat.c Loading commit data...
config.rpath Loading commit data...
configure.ac Loading commit data...
cstp.c Loading commit data...
digest.c Loading commit data...
dtls.c Loading commit data...
esp-seqno.c Loading commit data...
esp.c Loading commit data...
gnutls-dtls.c Loading commit data...
gnutls-esp.c Loading commit data...
gnutls.c Loading commit data...
gnutls.h Loading commit data...
gnutls_tpm.c Loading commit data...
gpst.c Loading commit data...
gssapi.c Loading commit data...
hipreport.sh Loading commit data...
http-auth.c Loading commit data...
http.c Loading commit data...
iconv.c Loading commit data...
jni.c Loading commit data...
libopenconnect.map.in Loading commit data...
library.c Loading commit data...
lzo.c Loading commit data...
lzo.h Loading commit data...
lzs.c Loading commit data...
main.c Loading commit data...
mainloop.c Loading commit data...
ntlm.c Loading commit data...
oath.c Loading commit data...
oncp.c Loading commit data...
openconnect-internal.h Loading commit data...
openconnect.8.in Loading commit data...
openconnect.h Loading commit data...
openconnect.ico Loading commit data...
openconnect.pc.in Loading commit data...
openconnect.rc Loading commit data...
openssl-dtls.c Loading commit data...
openssl-esp.c Loading commit data...
openssl-pkcs11.c Loading commit data...
openssl.c Loading commit data...
script.c Loading commit data...
ssl.c Loading commit data...
sspi.c Loading commit data...
stoken.c Loading commit data...
tncc-wrapper.py Loading commit data...
tun-win32.c Loading commit data...
tun.c Loading commit data...
version.sh Loading commit data...
win32-ipicmp.h Loading commit data...
xml.c Loading commit data...
yubikey.c Loading commit data...