slow https conenctions

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

slow https conenctions

Matthew Fletcher
Hi,

I've come to this list in search of help with slow https conenctions (via the subversion, apache and finally mod_ssl lits).

There is a 15 second ish delay whenever a client connects using https, i've tracked this down in the logs to the snippet shown.

-- snip --
[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
-- end --

But i really dont know how to get any further. This machine is pretty powerful, quad 3ghz xeon etc.

Full log from startup bellow,.. any help / ideas much appreciated.

[Thu Apr 21 11:21:16 2011] [info] Init: Initializing (virtual) servers for SSL
[Thu Apr 21 11:21:16 2011] [info] Configuring server for SSL protocol
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(465): Creating new SSL context (protocols: SSLv3, TLSv1)
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(661): Configuring permitted SSL ciphers [ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM]
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(792): Configuring RSA server certificate
[Thu Apr 21 11:21:16 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(831): Configuring RSA server private key
[Thu Apr 21 11:21:16 2011] [info] mod_ssl/2.2.17 compiled against Server: Apache/2.2.17, Library: OpenSSL/0.9.8r
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Child process is running
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(408): Child 3268: Retrieved our scoreboard from the parent.
[Thu Apr 21 11:21:16 2011] [info] Parent: Duplicating socket 276 and sending it to child process 3268
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(605): Parent: Sent 1 listeners to child 3268
[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(564): Child 3268: retrieved 1 listeners from parent
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Acquired the start mutex.
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Starting 64 worker threads.
[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Listening on port 443.
[Thu Apr 21 11:21:49 2011] [info] [client 127.0.0.1] Connection to child 0 established (server pl161.serck-uk.internal:443)
[Thu Apr 21 11:21:49 2011] [info] Seeding PRNG with 144 bytes of entropy
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 11/11 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16 03 01 00 df 01 00 00-db 03 01                 ...........      |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 217/217 bytes from BIO#c99cd0 [mem: ca14bb] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 4d b0 05 3d 24 b5 92 40-cb c0 c7 84 df 99 b8 2f  M..=$..@......./ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 1c 49 78 19 74 74 b3 0d-3f 89 d3 3d 7a 90 7c 50  .Ix.tt..?..=z.|P |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 00 00 5c c0 14 c0 0a 00-39 00 38 00 88 00 87 c0  ..\\.....9.8..... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 0f c0 05 00 35 00 84 c0-12 c0 08 00 16 00 13 c0  ....5........... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: 0d c0 03 00 0a c0 13 c0-09 00 33 00 32 00 9a 00  ..........3.2... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: 99 00 45 00 44 c0 0e c0-04 00 2f 00 96 00 41 00  ..E.D...../...A. |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 07 c0 11 c0 07 c0 0c c0-02 00 05 00 04 00 15 00  ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0070: 12 00 09 00 14 00 11 00-08 00 06 00 03 00 ff 01  ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0080: 00 00 56 00 00 00 0e 00-0c 00 00 09 6c 6f 63 61  ..V.........loca |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0090: 6c 68 6f 73 74 00 0b 00-04 03 00 01 02 00 0a 00  lhost........... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00a0: 34 00 32 00 01 00 02 00-03 00 04 00 05 00 06 00  4.2............. |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00b0: 07 00 08 00 09 00 0a 00-0b 00 0c 00 0d 00 0e 00  ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00c0: 0f 00 10 00 11 00 12 00-13 00 14 00 15 00 16 00  ................ |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00d0: 17 00 18 00 19 00 23                             ......#          |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1865): | 0217 - <SPACES/NULS>
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1993): [client 127.0.0.1] No matching SSL virtual host for servername localhost found (using default/first virtual host)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client hello A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server hello A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write certificate A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1274): [client 127.0.0.1] handing out temporary 1024 bit DH key
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write key exchange A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server done A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16 03 01 00 86                                   .....            |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 134/134 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 10 00 00 82 00 80 32 33-35 27 87 6b e7 19 8d c6  ......235'.k.... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 4d b5 c5 8d 61 31 b7 e1-16 83 3f 4b d3 e2 5a 6b  M...a1....?K..Zk |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 7e 61 84 33 8a a1 35 94-33 e5 3f 88 0f 02 f8 8d  ~a.3..5.3.?..... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 04 f7 38 3f 1c cf 90 88-d1 04 eb 70 a3 e6 84 1b  ..8?.......p.... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: ed d1 c5 36 ae 0e 73 28-9c 92 37 d6 a8 10 f7 3b  ...6..s(..7....; |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: a7 28 d7 29 52 08 3a d3-b6 00 8e 9d 3d 86 db 44  .(.)R.:.....=..D |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 78 8e 86 95 bf 04 fd ec-ce 06 fb 3c 26 c4 84 58  x..........<&..X |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0070: c1 63 7d f9 dd 76 8f 8c-f6 c8 9f ef 7a 10 94 59  .c}..v......z..Y |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0080: 9a 24 19 eb 81 64                                .$...d           |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client key exchange A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 14 03 01 00 01                                   .....            |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 1/1 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 01                                               .                |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16 03 01 00 30                                   ....0            |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 48/48 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 7d 80 c9 56 ce 34 44 1f-aa 5a ff 93 ec 07 24 72  }..V.4D..Z....$r |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 5b 20 0d 08 23 9c 8c 60-08 c2 df f9 6d a4 10 1a  [ ..#..`....m... |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 51 3d d5 ef 16 29 ae fc-fd 65 98 24 c4 a8 1c 78  Q=...)...e.$...x |
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read finished A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write session ticket A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write change cipher spec A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write finished A
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data
[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1870): OpenSSL: Handshake: done
[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: 17 03 01 01 c0                                   .....            |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 448/448 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: a8 e0 7d 20 25 1a 5c 47-54 3e 17 ca a2 75 cb 49  ..} %.\\GT>...u.I |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0010: 22 f5 8f 49 ec e8 62 32-0f 54 de 74 de 11 2a cf  "..I..b2.T.t..*. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0020: 16 d9 87 67 d1 fd 13 5c-5b 34 68 e0 0b 79 ca 1a  ...g...\\[4h..y.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0030: 9d 03 fb 5e 60 32 97 86-14 05 76 7d d4 7c b3 98  ...^`2....v}.|.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0040: 65 fa ff e6 ab 29 91 3e-0f a9 9e 9a 0c 5f 1a 8e  e....).>....._.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0050: 07 32 7c f5 16 ac 98 ef-2e c6 f9 aa a1 4d 27 bc  .2|..........M'. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0060: 8b eb 1f f0 2f 35 29 31-dc b0 d9 02 00 d6 33 44  ..../5)1......3D |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: 5c 4d 77 b1 eb b7 b5 83-c4 29 8b f9 a0 19 9e 91  \\Mw......)...... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0080: 77 df 81 3a 72 f6 41 b4-ff f3 05 8e 6e e7 38 c7  w..:r.A.....n.8. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0090: c5 bc 1f 06 57 44 01 f8-00 17 2c eb be 40 fb e6  ....WD....,..@.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00a0: 29 8c a8 5d 36 1b b6 a2-31 38 31 dd 1d fa 44 db  )..]6...181...D. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00b0: 82 6e a9 f8 37 36 c8 df-aa 6a 49 6c 32 c3 81 a6  .n..76...jIl2... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00c0: d6 87 ef f6 2c 79 7b c9-40 fb ff 2e ca 0a 29 a8  ....,y{.@.....). |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00d0: 66 b7 9d f1 f0 0c 40 35-c3 0f b8 92 4d 6c ad a5  f.....@5....Ml.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00e0: e2 29 d9 0e 2f 61 2e 88-48 96 32 34 e5 8a 97 c8  .)../a..H.24.... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00f0: f3 83 45 8d e7 03 a5 99-ac 49 85 de 50 81 06 3f  ..E......I..P..? |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0100: 50 f1 05 89 a1 e9 81 15-7e 6e 76 be 95 64 ff d7  P.......~nv..d.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0110: a4 9c 0d dc 53 10 20 57-bd e5 fc 49 a6 24 48 19  ....S. W...I.$H. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0120: a8 01 c4 f6 b8 aa cb c2-43 c6 d6 e5 83 36 43 ed  ........C....6C. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0130: d0 60 05 1f e1 5c f3 08-2e 87 e0 c0 ac b6 db 0a  .`...\\.......... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0140: 23 19 1a 4c ec 0d b5 ce-9f 63 b7 a2 fc 03 35 e5  #..L.....c....5. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0150: 4f 1a 22 79 86 53 28 11-5c 3b f3 4e d8 a7 77 54  O."y.S(.\\;.N..wT |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0160: a6 03 a9 eb 5e 15 43 4a-98 54 12 4c 49 d4 8c 58  ....^.CJ.T.LI..X |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0170: 17 f5 01 34 52 90 02 3d-da c6 11 ca 55 1a fd 3c  ...4R..=....U..< |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0180: ec 81 76 e9 f6 b7 af bb-80 ee 72 7f 9e 2f 91 72  ..v.......r../.r |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0190: 69 94 bd 5d 0e d3 8f 95-01 eb d2 79 12 a4 cb 13  i..].......y.... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 01a0: 18 34 6e 1d 38 bd 43 e1-fd 0d b1 5f 9e 64 c5 5b  .4n.8.C...._.d.[ |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 01b0: 42 6d ee 99 55 b3 57 6b-ef 53 54 bb 61 57 c9 70  Bm..U.Wk.ST.aW.p |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [info] Initial (No.1) HTTPS request received for child 0 (server pl161.serck-uk.internal:443)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: 17 03 01 00 80                                   .....            |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL: read 128/128 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822): +-------------------------------------------------------------------------+
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: ec 8c 88 5a 99 42 6b 91-25 1f 26 94 5b f0 81 94  ...Z.Bk.%.&.[... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0010: 92 7d ac 1a 6f 78 f4 bb-de 19 81 6e 5e 30 80 03  .}..ox.....n^0.. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0020: fc 96 92 ef d3 41 f8 6c-b9 d7 6c d5 72 6d 4e bf  .....A.l..l.rmN. |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0030: 1c d1 ea a8 68 59 4b e6-de 06 21 f9 14 af aa b5  ....hYK...!..... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0040: 03 d2 98 49 3b a0 4f 0d-1f 13 f1 7f dd 9d 8e a7  ...I;.O......... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0050: 62 69 f1 2b b0 4a eb 7a-26 ff 60 6e 29 62 7b 62  bi.+.J.z&.`n)b{b |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0060: 10 fc 84 ec af 9b 0f 55-c9 c5 46 95 ab d0 b0 d8  .......U..F..... |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: c4 ff 41 d0 c1 b8 75 9e-8a f2 c3 79 e7 0e 60 6e  ..A...u....y..`n |
[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867): +-------------------------------------------------------------------------+


regards

Matthew J Fletcher


**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050   Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com  Admin: [hidden email]
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.

This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: slow https conenctions

John R Pierce
On 04/26/11 3:06 AM, Matthew Fletcher wrote:
> I've come to this list in search of help with slow https conenctions (via the subversion, apache and finally mod_ssl lits).
>
> There is a 15 second ish delay whenever a client connects using https,

15 seconds sounds to *me* like a DNS related timeout.  perhaps the
server is doing a reverse lookup on the client?




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: slow https conenctions

Alan Buxey
Hi,
> On 04/26/11 3:06 AM, Matthew Fletcher wrote:
> > I've come to this list in search of help with slow https conenctions (via the subversion, apache and finally mod_ssl lits).
> >
> > There is a 15 second ish delay whenever a client connects using https,
>
> 15 seconds sounds to *me* like a DNS related timeout.  perhaps the
> server is doing a reverse lookup on the client?

...or is getting a AAAA record, trying to connect to that IPv6 address....and
failing, then falling back to IPv4

alan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: slow https conenctions

Matthew Fletcher
Hi,

Thanks for the input guys, however the 15 second pause exists even if i explicitly disable reverse lookups in apache 'Hostnamelookups Off' in httpd.conf and my server is operating on an internal network in a company so although i cant say for sure i doubt there is much IPV6 stuff around.

Does anyone how how i would establish if there was a DNS related delay ? some tool that could test DNS and name lookup speeds ? i am a software guy trying to use SVN not a network guy



regards
 
Matthew J Fletcher

 
 

> -----Original Message-----
> From: Alan Buxey [mailto:[hidden email]]
> Sent: 26 April 2011 23:05
> To: [hidden email]
> Cc: Matthew Fletcher
> Subject: Re: slow https conenctions
>
> Hi,
> > On 04/26/11 3:06 AM, Matthew Fletcher wrote:
> > > I've come to this list in search of help with slow https
> conenctions (via the subversion, apache and finally mod_ssl lits).
> > >
> > > There is a 15 second ish delay whenever a client connects using
> > > https,
> >
> > 15 seconds sounds to *me* like a DNS related timeout.  perhaps the
> > server is doing a reverse lookup on the client?
>
> ...or is getting a AAAA record, trying to connect to that
> IPv6 address....and failing, then falling back to IPv4
>
> alan
>

**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050   Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com  Admin: [hidden email]
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.

This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: slow https conenctions

Matthew Fletcher
In reply to this post by Alan Buxey
Hi,

Just to test if my slowness is SSL or DNS/Network related i switched the server in http mode and got the guys to re-connect. Connection times are now sub-second. So my slowness is definatly https / SSL related.

I guess that does not 100% rule out DNS/Network stuff, as SSL could be doing extra network lookups.

Are there any more SSL diagnostics i can enable to try and pinpoint the problem ?


regards
 
Matthew J Fletcher

**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050   Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com  Admin: [hidden email]
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.

This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: slow https conenctions

Steffen DETTMER
* Matthew Fletcher, Wednesday, April 27, 2011 12:40 PM
> I guess that does not 100% rule out DNS/Network stuff, as SSL
> could be doing extra network lookups.
>
> Are there any more SSL diagnostics i can enable to try and
> pinpoint the problem ?

maybe checking with strace -ttt -p ... which operation takes so long?

oki,

Steffen

 
About Ingenico: Ingenico is a leading provider of payment, transaction and business solutions, with over 15 million terminals deployed in more than 125 countries. Over 3,000 employees worldwide support merchants, banks and service providers to optimize and secure their electronic payments solutions, develop their offer of services and increase their point of sales revenue.
http://www.ingenico.com/.
 This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
 P Please consider the environment before printing this e-mail
 
 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: slow https conenctions

Jim Segrave-3
In reply to this post by Matthew Fletcher
Matthew Fletcher wrote:
> Hi,
>
> Thanks for the input guys, however the 15 second pause exists even if i explicitly disable reverse lookups in apache 'Hostnamelookups Off' in httpd.conf and my server is operating on an internal network in a company so although i cant say for sure i doubt there is much IPV6 stuff around.
>
> Does anyone how how i would establish if there was a DNS related delay ? some tool that could test DNS and name lookup speeds ? i am a software guy trying to use SVN not a network guy
>

tcpdump/wireshark/ethereal to watch what packets are sent, where and
with what timings. The fact it works with a non-SSL connection means
little, as the non-SSL connection won't be trying to do a reverse lookup
to see if the certficate name matches the name bound to the IP address
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: slow https conenctions

Alan Buxey
In reply to this post by Matthew Fletcher
Hi,

> Thanks for the input guys, however the 15 second pause exists even if i explicitly disable reverse lookups in apache 'Hostnamelookups Off' in httpd.conf and my server is operating on an internal network in a company so although i cant say for sure i doubt there is much IPV6 stuff around.

the debug will probably show you this - but I dont think its a server
issue per se - its an issue at the client end.  check the behaviour
and environment of the end client....

alan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: slow https conenctions

Eric S. Eberhard-2
In reply to this post by Matthew Fletcher
I suspect client behavior is incorrect.  It could have to do with 1.1
HTTP, especially if client is PHP (because of 100 continue
problems).  There are several other documented delays including a 15
second default keep alive.  There is also a cURL problem that can
cause this on the client side.

http://curl.haxx.se/mail/curlphp-2005-01/0011.html
http://php.net/manual/en/function.file-get-contents.php

Eric




At 03:06 AM 4/26/2011, Matthew Fletcher wrote:

>Hi,
>
>I've come to this list in search of help with slow https conenctions
>(via the subversion, apache and finally mod_ssl lits).
>
>There is a 15 second ish delay whenever a client connects using
>https, i've tracked this down in the logs to the snippet shown.
>
>-- snip --
>[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1,
>Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>-- end --
>
>But i really dont know how to get any further. This machine is
>pretty powerful, quad 3ghz xeon etc.
>
>Full log from startup bellow,.. any help / ideas much appreciated.
>
>[Thu Apr 21 11:21:16 2011] [info] Init: Initializing (virtual) servers for SSL
>[Thu Apr 21 11:21:16 2011] [info] Configuring server for SSL protocol
>[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(465): Creating
>new SSL context (protocols: SSLv3, TLSv1)
>[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(661):
>Configuring permitted SSL ciphers
>[ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM]
>[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(420):
>Configuring TLS extension handling
>[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(792):
>Configuring RSA server certificate
>[Thu Apr 21 11:21:16 2011] [warn] RSA server certificate is a CA
>certificate (BasicConstraints: CA == TRUE !?)
>[Thu Apr 21 11:21:16 2011] [debug] ssl_engine_init.c(831):
>Configuring RSA server private key
>[Thu Apr 21 11:21:16 2011] [info] mod_ssl/2.2.17 compiled against
>Server: Apache/2.2.17, Library: OpenSSL/0.9.8r
>[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Child process is running
>[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(408): Child 3268:
>Retrieved our scoreboard from the parent.
>[Thu Apr 21 11:21:16 2011] [info] Parent: Duplicating socket 276 and
>sending it to child process 3268
>[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(605): Parent: Sent 1
>listeners to child 3268
>[Thu Apr 21 11:21:16 2011] [debug] mpm_winnt.c(564): Child 3268:
>retrieved 1 listeners from parent
>[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Acquired the start mutex.
>[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Starting 64 worker threads.
>[Thu Apr 21 11:21:16 2011] [notice] Child 3268: Listening on port 443.
>[Thu Apr 21 11:21:49 2011] [info] [client 127.0.0.1] Connection to
>child 0 established (server pl161.serck-uk.internal:443)
>[Thu Apr 21 11:21:49 2011] [info] Seeding PRNG with 144 bytes of entropy
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1866):
>OpenSSL: Handshake: start
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: before/accept initialization
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 11/11 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16
>03 01 00 df 01 00 00-db 03 01                 ...........      |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 217/217 bytes from BIO#c99cd0 [mem: ca14bb] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 4d
>b0 05 3d 24 b5 92 40-cb c0 c7 84 df 99 b8 2f  M..=$..@......./ |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 1c
>49 78 19 74 74 b3 0d-3f 89 d3 3d 7a 90 7c 50  .Ix.tt..?..=z.|P |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 00
>00 5c c0 14 c0 0a 00-39 00 38 00 88 00 87 c0  ..\\.....9.8..... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 0f
>c0 05 00 35 00 84 c0-12 c0 08 00 16 00 13 c0  ....5........... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: 0d
>c0 03 00 0a c0 13 c0-09 00 33 00 32 00 9a 00  ..........3.2... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: 99
>00 45 00 44 c0 0e c0-04 00 2f 00 96 00 41 00  ..E.D...../...A. |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 07
>c0 11 c0 07 c0 0c c0-02 00 05 00 04 00 15 00  ................ |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0070: 12
>00 09 00 14 00 11 00-08 00 06 00 03 00 ff 01  ................ |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0080: 00
>00 56 00 00 00 0e 00-0c 00 00 09 6c 6f 63 61  ..V.........loca |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0090: 6c
>68 6f 73 74 00 0b 00-04 03 00 01 02 00 0a 00  lhost........... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00a0: 34
>00 32 00 01 00 02 00-03 00 04 00 05 00 06 00  4.2............. |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00b0: 07
>00 08 00 09 00 0a 00-0b 00 0c 00 0d 00 0e 00  ................ |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00c0: 0f
>00 10 00 11 00 12 00-13 00 14 00 15 00 16 00  ................ |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 00d0: 17
>00 18 00 19 00 23                             ......#          |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1865): | 0217 -
><SPACES/NULS>
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1993):
>[client 127.0.0.1] No matching SSL virtual host for servername
>localhost found (using default/first virtual host)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 read client hello A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write server hello A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write certificate A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1274):
>[client 127.0.0.1] handing out temporary 1024 bit DH key
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write key exchange A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write server done A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 flush data
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16
>03 01 00 86                                   .....            |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 134/134 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 10
>00 00 82 00 80 32 33-35 27 87 6b e7 19 8d c6  ......235'.k.... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 4d
>b5 c5 8d 61 31 b7 e1-16 83 3f 4b d3 e2 5a 6b  M...a1....?K..Zk |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 7e
>61 84 33 8a a1 35 94-33 e5 3f 88 0f 02 f8 8d  ~a.3..5.3.?..... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0030: 04
>f7 38 3f 1c cf 90 88-d1 04 eb 70 a3 e6 84 1b  ..8?.......p.... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0040: ed
>d1 c5 36 ae 0e 73 28-9c 92 37 d6 a8 10 f7 3b  ...6..s(..7....; |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0050: a7
>28 d7 29 52 08 3a d3-b6 00 8e 9d 3d 86 db 44  .(.)R.:.....=..D |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0060: 78
>8e 86 95 bf 04 fd ec-ce 06 fb 3c 26 c4 84 58  x..........<&..X |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0070: c1
>63 7d f9 dd 76 8f 8c-f6 c8 9f ef 7a 10 94 59  .c}..v......z..Y |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0080: 9a
>24 19 eb 81 64                                .$...d           |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 read client key exchange A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 14
>03 01 00 01                                   .....            |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 1/1 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000:
>01                                               .                |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 16
>03 01 00 30                                   ....0            |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 48/48 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0000: 7d
>80 c9 56 ce 34 44 1f-aa 5a ff 93 ec 07 24 72  }..V.4D..Z....$r |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0010: 5b
>20 0d 08 23 9c 8c 60-08 c2 df f9 6d a4 10 1a  [ ..#..`....m... |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1861): | 0020: 51
>3d d5 ef 16 29 ae fc-fd 65 98 24 c4 a8 1c 78  Q=...)...e.$...x |
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 read finished A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write session ticket A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write change cipher spec A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 write finished A
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1874):
>OpenSSL: Loop: SSLv3 flush data
>[Thu Apr 21 11:21:49 2011] [debug] ssl_engine_kernel.c(1870):
>OpenSSL: Handshake: done
>[Thu Apr 21 11:21:49 2011] [info] Connection: Client IP: 127.0.0.1,
>Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: 17
>03 01 01 c0                                   .....            |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 448/448 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: a8
>e0 7d 20 25 1a 5c 47-54 3e 17 ca a2 75 cb 49  ..} %.\\GT>...u.I |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0010: 22
>f5 8f 49 ec e8 62 32-0f 54 de 74 de 11 2a cf  "..I..b2.T.t..*. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0020: 16
>d9 87 67 d1 fd 13 5c-5b 34 68 e0 0b 79 ca 1a  ...g...\\[4h..y.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0030: 9d
>03 fb 5e 60 32 97 86-14 05 76 7d d4 7c b3 98  ...^`2....v}.|.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0040: 65
>fa ff e6 ab 29 91 3e-0f a9 9e 9a 0c 5f 1a 8e  e....).>....._.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0050: 07
>32 7c f5 16 ac 98 ef-2e c6 f9 aa a1 4d 27 bc  .2|..........M'. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0060: 8b
>eb 1f f0 2f 35 29 31-dc b0 d9 02 00 d6 33 44  ..../5)1......3D |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: 5c
>4d 77 b1 eb b7 b5 83-c4 29 8b f9 a0 19 9e 91  \\Mw......)...... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0080: 77
>df 81 3a 72 f6 41 b4-ff f3 05 8e 6e e7 38 c7  w..:r.A.....n.8. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0090: c5
>bc 1f 06 57 44 01 f8-00 17 2c eb be 40 fb e6  ....WD....,..@.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00a0: 29
>8c a8 5d 36 1b b6 a2-31 38 31 dd 1d fa 44 db  )..]6...181...D. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00b0: 82
>6e a9 f8 37 36 c8 df-aa 6a 49 6c 32 c3 81 a6  .n..76...jIl2... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00c0: d6
>87 ef f6 2c 79 7b c9-40 fb ff 2e ca 0a 29 a8  ....,y{.@.....). |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00d0: 66
>b7 9d f1 f0 0c 40 35-c3 0f b8 92 4d 6c ad a5  f.....@5....Ml.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00e0: e2
>29 d9 0e 2f 61 2e 88-48 96 32 34 e5 8a 97 c8  .)../a..H.24.... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 00f0: f3
>83 45 8d e7 03 a5 99-ac 49 85 de 50 81 06 3f  ..E......I..P..? |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0100: 50
>f1 05 89 a1 e9 81 15-7e 6e 76 be 95 64 ff d7  P.......~nv..d.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0110: a4
>9c 0d dc 53 10 20 57-bd e5 fc 49 a6 24 48 19  ....S. W...I.$H. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0120: a8
>01 c4 f6 b8 aa cb c2-43 c6 d6 e5 83 36 43 ed  ........C....6C. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0130: d0
>60 05 1f e1 5c f3 08-2e 87 e0 c0 ac b6 db 0a  .`...\\.......... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0140: 23
>19 1a 4c ec 0d b5 ce-9f 63 b7 a2 fc 03 35 e5  #..L.....c....5. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0150: 4f
>1a 22 79 86 53 28 11-5c 3b f3 4e d8 a7 77 54  O."y.S(.\\;.N..wT |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0160: a6
>03 a9 eb 5e 15 43 4a-98 54 12 4c 49 d4 8c 58  ....^.CJ.T.LI..X |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0170: 17
>f5 01 34 52 90 02 3d-da c6 11 ca 55 1a fd 3c  ...4R..=....U..< |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0180: ec
>81 76 e9 f6 b7 af bb-80 ee 72 7f 9e 2f 91 72  ..v.......r../.r |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0190: 69
>94 bd 5d 0e d3 8f 95-01 eb d2 79 12 a4 cb 13  i..].......y.... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 01a0: 18
>34 6e 1d 38 bd 43 e1-fd 0d b1 5f 9e 64 c5 5b  .4n.8.C...._.d.[ |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 01b0: 42
>6d ee 99 55 b3 57 6b-ef 53 54 bb 61 57 c9 70  Bm..U.Wk.ST.aW.p |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [info] Initial (No.1) HTTPS request
>received for child 0 (server pl161.serck-uk.internal:443)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 5/5 bytes from BIO#c99cd0 [mem: ca14b0] (BIO dump follows)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: 17
>03 01 00 80                                   .....            |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1889): OpenSSL:
>read 128/128 bytes from BIO#c99cd0 [mem: ca14b5] (BIO dump follows)
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1822):
>+-------------------------------------------------------------------------+
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0000: ec
>8c 88 5a 99 42 6b 91-25 1f 26 94 5b f0 81 94  ...Z.Bk.%.&.[... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0010: 92
>7d ac 1a 6f 78 f4 bb-de 19 81 6e 5e 30 80 03  .}..ox.....n^0.. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0020: fc
>96 92 ef d3 41 f8 6c-b9 d7 6c d5 72 6d 4e bf  .....A.l..l.rmN. |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0030: 1c
>d1 ea a8 68 59 4b e6-de 06 21 f9 14 af aa b5  ....hYK...!..... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0040: 03
>d2 98 49 3b a0 4f 0d-1f 13 f1 7f dd 9d 8e a7  ...I;.O......... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0050: 62
>69 f1 2b b0 4a eb 7a-26 ff 60 6e 29 62 7b 62  bi.+.J.z&.`n)b{b |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0060: 10
>fc 84 ec af 9b 0f 55-c9 c5 46 95 ab d0 b0 d8  .......U..F..... |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1861): | 0070: c4
>ff 41 d0 c1 b8 75 9e-8a f2 c3 79 e7 0e 60 6e  ..A...u....y..`n |
>[Thu Apr 21 11:22:07 2011] [debug] ssl_engine_io.c(1867):
>+-------------------------------------------------------------------------+
>
>
>regards
>
>Matthew J Fletcher
>
>
>**********************************************************************
>Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
>A company registered in England Reg. No. 4353634
>Tel: +44 (0) 24 7630 5050   Fax: +44 (0) 24 7630 2437
>Web: www.serck-controls.com  Admin: [hidden email]
>A subsidiary of Schneider Electric.
>**********************************************************************
>This email and files transmitted with it are confidential and
>intended solely for the use of the individual or entity to whom they
>are addressed. If you have received this email in error please notify
>the above. Any views or opinions presented are those of the author
>and do not necessarily represent those of Serck Controls Ltd.
>
>This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
>______________________________________________________________________
>OpenSSL Project                                 http://www.openssl.org
>User Support Mailing List                    [hidden email]
>Automated List Manager                           [hidden email]


Eric S. Eberhard
(928) 567-3727          Voice
(928) 567-6122          Fax
(928) 301-7537                           Cell

Vertical Integrated Computer Systems, LLC
Metropolis Support, LLC

For Metropolis support and VICS MBA Support!!!!    http://www.vicsmba.com

Pictures of Snake in Spring

http://www.facebook.com/album.php?aid=115547&id=1409661701&l=1c375e1f49

Pictures of Camp Verde

http://www.facebook.com/album.php?aid=12771&id=1409661701&l=fc0e0a2bcf

Pictures of Land Cruiser in Sedona

http://www.facebook.com/album.php?aid=50953&id=1409661701

Pictures of Flagstaff area near our cabin

http://www.facebook.com/album.php?aid=12750&id=1409661701

Pictures of Cheryl in a Horse Show

http://www.facebook.com/album.php?aid=32484&id=1409661701


Pictures of the AZ Desert

http://www.facebook.com/album.php?aid=58827&id=1409661701

(You can see why we love this state :-) )








______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: slow https conenctions

Matthew Fletcher
In reply to this post by Alan Buxey
Hi,

Just to let everyone know that the problem turned out to be that SSL applications on Windows (the TortoiseSVN client in our case) lookup www.download.windowsupdate.com to get updates to the certificate revocation list. See http://support.microsoft.com/kb/317541

We operate in an environment with no direct internet access (proxy only) so this request failed and made a 15 second pause on every connection.
 

regards

Matthew J Fletcher

**********************************************************************
Serck Controls Ltd, Rowley Drive, Coventry, CV3 4FH, UK
A company registered in England Reg. No. 4353634
Tel: +44 (0) 24 7630 5050   Fax: +44 (0) 24 7630 2437
Web: www.serck-controls.com  Admin: [hidden email]
A subsidiary of Schneider Electric.
**********************************************************************
This email and files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the above. Any views or opinions presented are those of the author
and do not necessarily represent those of Serck Controls Ltd.

This message has been scanned for malware by Mailcontrol. www.Mailcontrol.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]