Thanks Alexander. This is why i stated up front i am not an expert.
:) However, i did take a little time to try and prove my theory. I grabbed the latest SVNKit source, built it and installed the plugin in Eclipse (coupled with Subclipse) then proceeded to debug it. Everytime i looked at the SSLSession object gleaned from the SSLSocket object in HTTPConnection class, method request(), it's isSessionResumption member is always false, always. Further, here are some examples of behavior i see: 1. When going to SVN Repository Exploring perspective in Eclipse and simply navigating the tree structure, the full-deal SSL handshake is performed every time i expand a folder. 2. When shift-clicking and checking out multiple projects, the full-deal SSL handshake is performed prior to checking out each one. 3. (This is one of the most painful) when reverting local changes, the full-deal SSL handshake is performed for EACH file being reverted. These are just a few examples. >From what you say below and what i have experienced, most likely some of this is coming from the Subclipse plugin and how it is utilizing the SVNKit libraries. Maybe it's throwing away things and starting fresh when it shouldn't. However, i did go one step further and make the SSLContext object static and rebuilt to test. If left hanging around then the SSL sessions are resumed and the full-deal handshake is no longer performed before each operation and everything behaves much more pleasant. But again, not being an expert, this change may have consequences i am not thinking of. Let me know what you think. Thanks! Ben Hello Ben, Thank you for sharing your concern. However, with HTTP the [ssl]socket is reused for each subsequent HTTP request, so I do not think SSLContext is recreated for each request. Whether connection is persistent or not depends on HTTP Keep-Alive header value (and that depends on the server settings), so I think that SSLContext might be created a few times during SVN operation like update or getDir, but it should not happen for each HTTP request. Do you experience different behavior? Thanks! Alexander Kitaev, TMate Software, http://subgit.com/ - Svn to Git Migration! http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! Hello Ben, Thank you for sharing your concern. However, with HTTP the [ssl]socket is reused for each subsequent HTTP request, so I do not think SSLContext is recreated for each request. Whether connection is persistent or not depends on HTTP Keep-Alive header value (and that depends on the server settings), so I think that SSLContext might be created a few times during SVN operation like update or getDir, but it should not happen for each HTTP request. Do you experience different behavior? Thanks! Alexander Kitaev, TMate Software, http://subgit.com/ - Svn to Git Migration! http://svnkit.com/ - Java [Sub]Versioning Library! http://hg4j.com/ - Java Mercurial Library! http://sqljet.com/ - Java SQLite Library! On Thu, Oct 8, 2015 at 1:31 AM, Ben Castellucci <ben...@gmail.com> wrote: > Bump... > > Any thoughts about making a change like this? > On Sep 30, 2015 10:46 AM, "Ben Castellucci" <ben...@gmail.com> wrote: > >> Greetings. >> >> This may indeed be the wrong place to bring this up. If so, could someone >> kindly direct me to the right place (be that a feature request or issue or >> whatever)? >> >> Also, I will disclose I am not an expert in any way regarding how Java >> handles SSL communication so I may be completely off base here. >> >> However, I was perusing the source and noticed in SVNSocketFactory.java, >> method createSSLContext(), it looks like a brand new SSLContext object is >> created every time. This ends up that the entire SSL handshake must be >> repeated for each and every SVN operation because the built in support for >> session resume is not able to function. >> >> If the SSLContext object were stored in some way, possibly a static >> variable or something, that should allow SSL session resume which would >> avoid this issue. >> >> I realize this would have no benefit for command line as it's a new JVM >> each time, however it would benefit GUI clients immensely. It would greatly >> speed up operations and make using SVN over SSL orders of magnitude more >> pleasant. >> >> Let me know any thoughts. >> >> Thanks! >> Ben >> >
