The problem may be not openssl but rather your authentication backend (as configured in httpd.conf). For example, if you use LDAP authentication and your LDAP server is slow to respond, that could account for some seconds' difference.
On Thu, 21 Apr 2011 09:44 +0100, "Matthew Fletcher" <MFletcher_at_serck-controls.co.uk> wrote:
>
> Thanks for the info, enabling apache logging i can see where the pause is comming from,. its between the inital client connection and granting the access rights to my user. A full 15 seconds ! This is a fast quad core xeon server as well.
>
> [Thu Apr 21 09:32:30 2011] [info] Connection: Client IP: 10.141.81.134, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
> [Thu Apr 21 09:32:45 2011] [info] [client 10.141.81.134] Access granted: 'MFletcher' OPTIONS Play:/
>
> How do i go about finding out why its taking so long to do the inital https / SSL stuff before granting access ? I realise this crosses the boundary between SVN/apache/OpenSSL so it might be tricky.
>
>
> regards,
>
> Matthew
>
>
>
> > -----Original Message-----
> > From: Daniel Shahaf [mailto:d.s_at_daniel.shahaf.name]
> > Sent: 20 April 2011 18:21
> > To: Matthew Fletcher; users_at_subversion.apache.org
> > Subject: Re: Slow initial repo access (https method)
> >
> >
> >
> > On Wed, 20 Apr 2011 14:06 +0100, "Matthew Fletcher"
> > <MFletcher_at_serck-controls.co.uk> wrote:
> > > Hi,
> > >
> > > We are using svn 1.6.16 on the server and have noticed that
> > there is a large pause in the inital https requests, (snip of
> > wireshark shown bellow). Basically it looks like this is a
> > server side issue but i am not sure where to look for logs (apache ?).
> >
> > I'd firstly try to understand what the two packets are on
> > either side of the large pause. So...
> >
> > * A dev who knows the protocol might be able to tell what
> > those packets are without even looking at your data;
> > * You might be able to decrypt the packets you posted;
> > * You might be able to reproduce the problem with non-ssl connections;
> > * You might be able to log the packets before they get
> > encrypted (or after decrypted).
> >
>
> **********************************************************************
> Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
> A company registered in England Reg. No. 4353634
> Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
> Web: www.serck-controls.com Admin: post_at_serck-controls.co.uk
> A subsidiary of Schneider Electric.
> **********************************************************************
> This email and files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the above. Any views or opinions presented are those of the author
> and do not necessarily represent those of Serck Controls Ltd.
>
> This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
>
Received on 2011-04-21 10:49:35 CEST