# WARNING: Retrying (Retry(total=0)) after connection broken by 'ProxyError': ('Cannot connect to proxy.', error('Tunnel connection failed: 407 Proxy Authentication Required')) - **ID:** `pip/network-proxy-authentication-407` - **Domain:** pip - **Category:** network_error - **Error Code:** `407` - **Verification:** ai_generated - **Fix Rate:** 85% ## Root Cause pip is behind a corporate proxy that requires authentication, but the proxy credentials are missing or incorrect in the environment or pip configuration. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | pip 24.2 | active | — | — | | Python 3.12 | active | — | — | | urllib3 2.2 | active | — | — | ## Workarounds 1. **Set proxy with credentials in environment variables: 'set HTTP_PROXY=http://user:password@proxy.company.com:8080' and 'set HTTPS_PROXY=http://user:password@proxy.company.com:8080' on Windows, or export on Linux/Mac.** (90% success) ``` Set proxy with credentials in environment variables: 'set HTTP_PROXY=http://user:password@proxy.company.com:8080' and 'set HTTPS_PROXY=http://user:password@proxy.company.com:8080' on Windows, or export on Linux/Mac. ``` 2. **Configure pip's proxy globally: 'pip config set global.proxy http://user:password@proxy.company.com:8080'** (85% success) ``` Configure pip's proxy globally: 'pip config set global.proxy http://user:password@proxy.company.com:8080' ``` 3. **Use a proxy authentication helper like 'cntlm' to handle NTLM auth and set HTTP_PROXY to localhost:3128.** (75% success) ``` Use a proxy authentication helper like 'cntlm' to handle NTLM auth and set HTTP_PROXY to localhost:3128. ``` ## Dead Ends - **** — Setting HTTP_PROXY and HTTPS_PROXY without credentials still fails with 407; authentication is required. (95% fail) - **** — Disabling proxy detection with '--proxy ""' may work only if the machine has direct internet access, but often fails in corporate networks. (70% fail) - **** — Using 'pip install --trusted-host pypi.org' bypasses SSL checks but does not solve proxy authentication. (98% fail)