[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Slow initial repo access (https method)

From: Matthew Fletcher <MFletcher_at_serck-controls.co.uk>
Date: Thu, 21 Apr 2011 10:16:29 +0100

Hi,

Our IT guys have been quite helpful and checked the DNS setup (and showed it to me), looks fine. A test accessing the repo via IP address gives the same delay.

regards
 
Matthew J Fletcher | Serck Controls | United Kingdom | Lead Software Engineer
Phone: +44 2476 305050 | Direct Dial: +44 2476 515089
Email: mfletcher_at_serck-controls.co.uk | Site: www.serck-controls.co.uk | Address: Rowley Drive, Coventry, CV3 4FH, United Kingdom

 
 

> -----Original Message-----
> From: Matthew Fletcher
> Sent: 21 April 2011 09:55
> To: 'Daniel Shahaf'; users_at_subversion.apache.org
> Subject: RE: Slow initial repo access (https method)
>
>
> Hi,
>
> Nothing as fancy as LDAP, just a basic file.
>
> AuthType Basic
> AuthBasicProvider file
>
>
> I wonder if it could be due to DNS name lookup issues,
>
> http://old.nabble.com/Using-SSL-between-Apache-proxy-and-Synap
> se-causes-consistent-10-second-delay-in-SSL-handshake-td16014406.html
>
> "Check if reverse DNS lookups are the same for both
> production and stating/integration. The 10 second delays are
> usually caused by reverse lookups when accepting connections,
> since we try to get the hostname for logging."
>
> I will look into that.
>
>
> regards
>
> Matthew
>
>
>
> > -----Original Message-----
> > From: Daniel Shahaf [mailto:d.s_at_daniel.shahaf.name]
> > Sent: 21 April 2011 09:49
> > To: Matthew Fletcher; users_at_subversion.apache.org
> > Subject: RE: Slow initial repo access (https method)
> >
> > The problem may be not openssl but rather your
> authentication backend
> > (as configured in httpd.conf). For example, if you use LDAP
> > authentication and your LDAP server is slow to respond, that could
> > account for some seconds' difference.
> >
> > On Thu, 21 Apr 2011 09:44 +0100, "Matthew Fletcher"
> > <MFletcher_at_serck-controls.co.uk> wrote:
> > >
> > > Thanks for the info, enabling apache logging i can see
> > where the pause is comming from,. its between the inital client
> > connection and granting the access rights to my user.
> > A full 15 seconds ! This is a fast quad core xeon server as well.
> > >
> > > [Thu Apr 21 09:32:30 2011] [info] Connection: Client IP:
> > > 10.141.81.134, Protocol: TLSv1, Cipher:
> DHE-RSA-AES256-SHA (256/256
> > > bits) [Thu Apr 21 09:32:45 2011] [info] [client
> > 10.141.81.134] Access
> > > granted: 'MFletcher' OPTIONS Play:/
> > >
> > > How do i go about finding out why its taking so long to do
> > the inital https / SSL stuff before granting access ? I
> realise this
> > crosses the boundary between SVN/apache/OpenSSL so it might
> be tricky.
> > >
> > >
> > > regards,
> > >
> > > Matthew
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Daniel Shahaf [mailto:d.s_at_daniel.shahaf.name]
> > > > Sent: 20 April 2011 18:21
> > > > To: Matthew Fletcher; users_at_subversion.apache.org
> > > > Subject: Re: Slow initial repo access (https method)
> > > >
> > > >
> > > >
> > > > On Wed, 20 Apr 2011 14:06 +0100, "Matthew Fletcher"
> > > > <MFletcher_at_serck-controls.co.uk> wrote:
> > > > > Hi,
> > > > >
> > > > > We are using svn 1.6.16 on the server and have noticed that
> > > > there is a large pause in the inital https requests, (snip of
> > > > wireshark shown bellow). Basically it looks like this
> is a server
> > > > side issue but i am not sure where to look for logs (apache ?).
> > > >
> > > > I'd firstly try to understand what the two packets are
> on either
> > > > side of the large pause. So...
> > > >
> > > > * A dev who knows the protocol might be able to tell what those
> > > > packets are without even looking at your data;
> > > > * You might be able to decrypt the packets you posted;
> > > > * You might be able to reproduce the problem with non-ssl
> > > > connections;
> > > > * You might be able to log the packets before they get
> > encrypted (or
> > > > after decrypted).
> > > >
> > >
> > >
> >
> **********************************************************************
> > > Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK A company
> > > registered in England Reg. No. 4353634
> > > Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437
> > > Web: www.serck-controls.com Admin: post_at_serck-controls.co.uk A
> > > subsidiary of Schneider Electric.
> > >
> >
> **********************************************************************
> > > This email and files transmitted with it are confidential
> > and intended
> > > solely for the use of the individual or entity to whom they are
> > > addressed. If you have received this email in error please
> > notify the
> > > above. Any views or opinions presented are those of the
> > author and do
> > > not necessarily represent those of Serck Controls Ltd.
> > >
> > > This message has been scanned for malware by Mailcontrol.
> > > www.Mailcontrol.com
> > >
> >
Received on 2011-04-21 11:16:46 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.