You may wish to try the users@httpd.a.o list too; this is by now more of
an httpd discussion than a mod_dav_svn one.

Matthew Fletcher wrote on Thu, Apr 21, 2011 at 10:55:17 +0100:
> Hi,
> 
> Poor description on my part, sorry; in my httpd.conf I explicitly turned off 
> hostname lookups. That made no noticeable difference.
> 
> I think it's mod_ssl/openssl (am using 0.9.8r) just being slow; unfortunately, 
> even with Apache logs set to "debug" verbosity there is no output on this, so 
> will try and turn on logging within mod_ssl.
> 
> 
> regards
>  
> Matthew J Fletcher
> 
> 
> > -----Original Message-----
> > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name] 
> > Sent: 21 April 2011 10:25
> > To: Matthew Fletcher
> > Cc: users@subversion.apache.org
> > Subject: Re: Slow initial repo access (https method)
> > 
> > What do you mean by "accessing the repo via IP address"?  
> > Without having read your link, I expect it does a reverse DNS 
> > lookup on the client's address (i.e., the IP address of the 
> > box where the working copy resides), and just accessing the 
> > repository as http://192.87.106.227 instead of 
> > http://svn.apache.org won't affect that.
> > 
> > The test would be
> > % ssh svn.apache.org time dig -x '$(echo $SSH_CONNECTION | cut -d " " -f 1)'
> > 
> > (this assumes you have a sh-like, not csh-like, login shell)
> > 
> > Matthew Fletcher wrote on Thu, Apr 21, 2011 at 10:16:29 +0100:
> > > Hi,
> > > 
> > > Our IT guys have been quite helpful and checked the DNS setup (and
> > > showed it to me), looks fine. A test accessing the repo via IP address
> > > gives the same delay.
> > > 
> > > 
> > > regards
> > >  
> > > Matthew J Fletcher  |  Serck Controls  |  United Kingdom  |  Lead Software Engineer
> > > Phone: +44 2476 305050  |  Direct Dial: +44 2476 515089
> > > Email: mfletc...@serck-controls.co.uk  |  Site: www.serck-controls.co.uk
> > > Address: Rowley Drive, Coventry, CV3 4FH, United Kingdom
> > > 
> > > 
> > >  
> > >  
> > > 
> > > > -----Original Message-----
> > > > From: Matthew Fletcher
> > > > Sent: 21 April 2011 09:55
> > > > To: 'Daniel Shahaf'; users@subversion.apache.org
> > > > Subject: RE: Slow initial repo access (https method)
> > > > 
> > > > 
> > > > Hi,
> > > > 
> > > > Nothing as fancy as LDAP, just a basic file.
> > > > 
> > > >   AuthType Basic
> > > >   AuthBasicProvider file
> > > > 
> > > > 
> > > > I wonder if it could be due to DNS name lookup issues,
> > > > 
> > > > http://old.nabble.com/Using-SSL-between-Apache-proxy-and-Synapse-causes-consistent-10-second-delay-in-SSL-handshake-td16014406.html
> > > > 
> > > > "Check if reverse DNS lookups are the same for both production and 
> > > > staging/integration. The 10 second delays are usually caused by 
> > > > reverse lookups when accepting connections, since we try to get the 
> > > > hostname for logging."
> > > > 
> > > > I will look into that.
> > > > 
> > > > 
> > > > regards
> > > > 
> > > > Matthew
> > > >  
> > > >  
> > > > 
> > > > > -----Original Message-----
> > > > > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name]
> > > > > Sent: 21 April 2011 09:49
> > > > > To: Matthew Fletcher; users@subversion.apache.org
> > > > > Subject: RE: Slow initial repo access (https method)
> > > > > 
> > > > > The problem may be not openssl but rather your authentication
> > > > > backend (as configured in httpd.conf).  For example, if you use LDAP 
> > > > > authentication and your LDAP server is slow to respond, that could 
> > > > > account for some seconds' difference.
> > > > > 
> > > > > On Thu, 21 Apr 2011 09:44 +0100, "Matthew Fletcher" 
> > > > > <mfletc...@serck-controls.co.uk> wrote:
> > > > > > 
> > > > > > Thanks for the info, enabling Apache logging I can see where the
> > > > > > pause is coming from: it's between the initial client connection
> > > > > > and granting the access rights to my user. A full 15 seconds! This
> > > > > > is a fast quad core Xeon server as well.
> > > > > > 
> > > > > > [Thu Apr 21 09:32:30 2011] [info] Connection: Client IP: 10.141.81.134, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
> > > > > > [Thu Apr 21 09:32:45 2011] [info] [client 10.141.81.134] Access granted: 'MFletcher' OPTIONS Play:/
> > > > > > 
> > > > > > How do I go about finding out why it's taking so long to do the
> > > > > > initial https / SSL stuff before granting access? I realise this
> > > > > > crosses the boundary between SVN/apache/OpenSSL so it might be tricky.
> > > > > > 
> > > > > > 
> > > > > > regards,
> > > > > > 
> > > > > > Matthew
> > > > > >  
> > > > > >  
> > > > > > 
> > > > > > > -----Original Message-----
> > > > > > > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name]
> > > > > > > Sent: 20 April 2011 18:21
> > > > > > > To: Matthew Fletcher; users@subversion.apache.org
> > > > > > > Subject: Re: Slow initial repo access (https method)
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > On Wed, 20 Apr 2011 14:06 +0100, "Matthew Fletcher" 
> > > > > > > <mfletc...@serck-controls.co.uk> wrote:
> > > > > > > > Hi,
> > > > > > > > 
> > > > > > > > We are using svn 1.6.16 on the server and have noticed that
> > > > > > > > there is a large pause in the initial https requests (snip of
> > > > > > > > wireshark shown below). Basically it looks like this is a server
> > > > > > > > side issue but I am not sure where to look for logs (apache?).
> > > > > > > 
> > > > > > > I'd firstly try to understand what the two packets are on either
> > > > > > > side of the large pause.  So...
> > > > > > > 
> > > > > > > * A dev who knows the protocol might be able to tell what 
> > > > > > > those packets are without even looking at your data;
> > > > > > > * You might be able to decrypt the packets you posted;
> > > > > > > * You might be able to reproduce the problem with non-ssl 
> > > > > > > connections;
> > > > > > > * You might be able to log the packets before they get encrypted
> > > > > > > (or after decrypted).
> > > > > > > 
> > > > > > 
> > > > > > 
> > > > > 
> > > > 
> > ********************************************************************
> > > > **
> > > > > > Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK A 
> > > > > > company registered in England Reg. No. 4353634
> > > > > > Tel: +44 (0) 24 7630 5050   Fax: +44 (0) 24 7630 2437
> > > > > > Web: www.serck-controls.com  Admin: 
> > p...@serck-controls.co.uk A 
> > > > > > subsidiary of Schneider Electric.
> > > > > > 
> > > > > 
> > > > 
> > ********************************************************************
> > > > **
> > > > > > This email and files transmitted with it are confidential
> > > > > and intended
> > > > > > solely for the use of the individual or entity to 
> > whom they are 
> > > > > > addressed. If you have received this email in error please
> > > > > notify the
> > > > > > above. Any views or opinions presented are those of the
> > > > > author and do
> > > > > > not necessarily represent those of Serck Controls Ltd.
> > > > > > 
> > > > > > This message has been scanned for malware by Mailcontrol. 
> > > > > > www.Mailcontrol.com
> > > > > > 
> > > > > 
> > 
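
Added example, not part of the original thread and not project code: a short Python script that measures the gap diagnosed above by pairing each "Connection: Client IP" line with the next "Access granted" line for the same client. The log text is a constructed sample modelled on the two lines quoted in the thread; the function name, the extra clients and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the error-log style quoted in the thread
# (clients .20 and .99 and users alice/bob are made up for illustration).
SAMPLE_LOG = """\
[Thu Apr 21 09:32:30 2011] [info] Connection: Client IP: 10.141.81.134, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 09:32:31 2011] [info] Connection: Client IP: 10.141.81.20, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 09:32:31 2011] [info] [client 10.141.81.20] Access granted: 'alice' OPTIONS Play:/
[Thu Apr 21 09:32:45 2011] [info] [client 10.141.81.134] Access granted: 'MFletcher' OPTIONS Play:/
[Thu Apr 21 09:33:02 2011] [info] [client 10.141.81.99] Access granted: 'bob' OPTIONS Play:/
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"
TS = r"\[(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[\w+\] "
CONNECT = re.compile(TS + r"Connection: Client IP: (?P<ip>[0-9a-fA-F.:]+),")
GRANTED = re.compile(
    TS + r"\[client (?P<ip>[0-9a-fA-F.:]+)\] Access granted: '(?P<user>[^']*)'")


def handshake_to_auth_delays(log_text, threshold_s=5):
    """Return (ip, user, seconds) for each slow connect -> access-granted pair."""
    pending = {}  # client IP -> time of its most recent TLS connection line
    slow = []
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if m:
            pending[m["ip"]] = datetime.strptime(m["ts"], TS_FORMAT)
            continue
        m = GRANTED.match(line)
        if m and m["ip"] in pending:
            # pop() so only the first request after each connection is measured
            start = pending.pop(m["ip"])
            end = datetime.strptime(m["ts"], TS_FORMAT)
            delay = (end - start).total_seconds()
            if delay >= threshold_s:
                slow.append((m["ip"], m["user"], delay))
    return slow


if __name__ == "__main__":
    for ip, user, delay in handshake_to_auth_delays(SAMPLE_LOG):
        print(f"{ip} {user}: {delay:.0f}s between TLS connection and access granted")
```

Timestamps in this log format have one-second resolution, so the measured gap is accurate only to about a second, and clients sharing one source address (for example behind NAT) can be mispaired.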
