On Thu, Mar 28, 2024 at 09:54:06AM -0400, Jason Qian via openssl-users wrote: > We are running C++ server(with TLS 1.2 OpenSSL 1.1.1n). The clients are in > C#, Java and C++; > All clients work fine, but when using C++ client, the server receives a > large amount of Authorization information along with application data. > (C#, Java client are not sending those information) > > GET /data//somehost-1/ddt//ds-1117482431063112572/2.out HTTP/1.1 > Host: somehost .dev.xx.com:27159 > *Authorization: Negotiate > YIIMmQYGKwYBBQUCoIIMjTCCDImgMDAuBgkqhkiC9xIBAg......* > > The C++ client is using CURL [7.83.0] with OpenSSL 1.1.1n. It looks like CURL supports SPENEGO (GSSAPI) authentication, and presents a suitable token to the server. The other clients might not include SPENEGO support. Per the previous reply, this is an HTTP not an OpenSSL issue. -- Viktor.