Hi Dave, I got a couple of bug reports that claim that 2.10.2 regressed on using network credentials. That is, users regularly hit Enter twice when being asked for user name and password while fetching via https://, and cURL automatically used to fall back to using the login credentials (i.e. authenticating via the Domain controller). Turns out those claims are correct: hitting Enter twice (or using URLs with empty user name/password such as https://:tfs:8080/) work in 2.10.1 and yield "Authentication failed" in 2.10.2. I tracked this down to 5275c3081c (http: http.emptyauth should allow empty (not just NULL) usernames, 2016-10-04) which all of a sudden disallowed empty user names (and now only handles things correctly when http.emptyAuth is set to true specifically). This smells like a real bad regression to me, certainly given the time I had to spend to figure this out (starting from not exactly helpful bug reports, due to being very specific to their setups being private). I am *really* tempted to change the default of http.emptyAuth to true, *at least* for Windows (where it is quite common to use your login credentials to authenticate to corporate servers). Before I do anything rash, though: Do you see any downside to that? Ciao, Dscho