What do you mean by "accessing the repo via IP address"? Without having read your link, I expect it does a reverse DNS lookup on the client's address (i.e., the IP address of the box where the working copy resides), and just accessing the repository as http://192.87.106.227 instead of http://svn.apache.org won't affect that.
The test would be % ssh svn.apache.org time dig -x '$(echo $SSH_CONNECTION | cut -d " " -f 1)' (this assumes you have a sh-like, not csh-like, login shell) Matthew Fletcher wrote on Thu, Apr 21, 2011 at 10:16:29 +0100: > Hi, > > Our IT guys have been quite helpful and checked the DNS setup (and showed it > to me), looks fine. A test accessing the repo via IP address gives the same > delay. > > > regards > > Matthew J Fletcher | Serck Controls | United Kingdom | Lead Software > Engineer > Phone: +44 2476 305050 | Direct Dial: +44 2476 515089 > Email: mfletc...@serck-controls.co.uk | Site: www.serck-controls.co.uk | > Address: Rowley Drive, Coventry, CV3 4FH, United Kingdom > > > > > > > -----Original Message----- > > From: Matthew Fletcher > > Sent: 21 April 2011 09:55 > > To: 'Daniel Shahaf'; users@subversion.apache.org > > Subject: RE: Slow initial repo access (https method) > > > > > > Hi, > > > > Nothing as fancy as LDAP, just a basic file. > > > > AuthType Basic > > AuthBasicProvider file > > > > > > I wonder if it could be due to DNS name lookup issues, > > > > http://old.nabble.com/Using-SSL-between-Apache-proxy-and-Synap > > se-causes-consistent-10-second-delay-in-SSL-handshake-td16014406.html > > > > "Check if reverse DNS lookups are the same for both > > production and stating/integration. The 10 second delays are > > usually caused by reverse lookups when accepting connections, > > since we try to get the hostname for logging." > > > > I will look into that. > > > > > > regards > > > > Matthew > > > > > > > > > -----Original Message----- > > > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name] > > > Sent: 21 April 2011 09:49 > > > To: Matthew Fletcher; users@subversion.apache.org > > > Subject: RE: Slow initial repo access (https method) > > > > > > The problem may be not openssl but rather your > > authentication backend > > > (as configured in httpd.conf). For example, if you use LDAP > > > authentication and your LDAP server is slow to respond, that could > > > account for some seconds' difference. > > > > > > On Thu, 21 Apr 2011 09:44 +0100, "Matthew Fletcher" > > > <mfletc...@serck-controls.co.uk> wrote: > > > > > > > > Thanks for the info, enabling apache logging i can see > > > where the pause is comming from,. its between the inital client > > > connection and granting the access rights to my user. > > > A full 15 seconds ! This is a fast quad core xeon server as well. > > > > > > > > [Thu Apr 21 09:32:30 2011] [info] Connection: Client IP: > > > > 10.141.81.134, Protocol: TLSv1, Cipher: > > DHE-RSA-AES256-SHA (256/256 > > > > bits) [Thu Apr 21 09:32:45 2011] [info] [client > > > 10.141.81.134] Access > > > > granted: 'MFletcher' OPTIONS Play:/ > > > > > > > > How do i go about finding out why its taking so long to do > > > the inital https / SSL stuff before granting access ? I > > realise this > > > crosses the boundary between SVN/apache/OpenSSL so it might > > be tricky. > > > > > > > > > > > > regards, > > > > > > > > Matthew > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Daniel Shahaf [mailto:d...@daniel.shahaf.name] > > > > > Sent: 20 April 2011 18:21 > > > > > To: Matthew Fletcher; users@subversion.apache.org > > > > > Subject: Re: Slow initial repo access (https method) > > > > > > > > > > > > > > > > > > > > On Wed, 20 Apr 2011 14:06 +0100, "Matthew Fletcher" > > > > > <mfletc...@serck-controls.co.uk> wrote: > > > > > > Hi, > > > > > > > > > > > > We are using svn 1.6.16 on the server and have noticed that > > > > > there is a large pause in the inital https requests, (snip of > > > > > wireshark shown bellow). Basically it looks like this > > is a server > > > > > side issue but i am not sure where to look for logs (apache ?). > > > > > > > > > > I'd firstly try to understand what the two packets are > > on either > > > > > side of the large pause. So... > > > > > > > > > > * A dev who knows the protocol might be able to tell what those > > > > > packets are without even looking at your data; > > > > > * You might be able to decrypt the packets you posted; > > > > > * You might be able to reproduce the problem with non-ssl > > > > > connections; > > > > > * You might be able to log the packets before they get > > > encrypted (or > > > > > after decrypted). > > > > > > > > > > > > > > > > > > ********************************************************************** > > > > Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK A company > > > > registered in England Reg. No. 4353634 > > > > Tel: +44 (0) 24 7630 5050 Fax: +44 (0) 24 7630 2437 > > > > Web: www.serck-controls.com Admin: p...@serck-controls.co.uk A > > > > subsidiary of Schneider Electric. > > > > > > > > > ********************************************************************** > > > > This email and files transmitted with it are confidential > > > and intended > > > > solely for the use of the individual or entity to whom they are > > > > addressed. If you have received this email in error please > > > notify the > > > > above. Any views or opinions presented are those of the > > > author and do > > > > not necessarily represent those of Serck Controls Ltd. > > > > > > > > This message has been scanned for malware by Mailcontrol. > > > > www.Mailcontrol.com > > > > > > >
