emlynuk

Q: OCSP Service using up quite a bit of bandwidth

I have been tracking down an issue regarding our ISP bandwidth usage (very high).

 

I believe I have found an issue with the OCSP daemon (ocspd) using up quite a bit of bandwidth for no apparent reason - my initial tests seem to show that this daemon, under Mavericks, is using about 100MB of download bandwidth per day (approx 3GB per month).  This is huge considering that this process is meant to cache retrieved results (assuming of course it is getting results).

 

As a further test, I had 2 Macs running Mavericks and 1 running ML overnight, with all machines running RubberNet to monitor per process bandwidth.

On both Mav machines, the ocspd daemon used up the traffic as per above but ML used no bandwidth for the same process.

The implication here is that users with bandwidth limited connections (e.g. Satellite or Mobile) will use up much of their allowance when at idle hence my interest.

 

Can someone verify these findings?

 

Just a wild thought: Perhaps because the keychain is now sent to iCloud in Mav, I wonder if the certificates are being checked more often for security reasons.

 

Thanks

Emlyn

iMac, OS X Mavericks (10.9)

Posted on Nov 10, 2013 5:48 AM

  • by stevefrombraddon,

    stevefrombraddon Dec 9, 2013 10:14 PM in response to emlynuk

    Another update from my Apple man.... he says;

     

    "I have received an update from our Engineering that Apple has recently fixed the issue on their server. Kindly turn back the OCSP and CRL back from the Keychain Preferences again and we’ll observe the behavior. Please carefully check the data usage after you turn this on to avoid any high consumption on your data just in case if issue still persist. Thanks Steve!"

     

    I'm game ... so we will see what happens.

     

    Thanks for the input from everyone out there.

     

    Steve

  • by Mac_Ray,

    Mac_Ray Dec 10, 2013 2:17 AM in response to stevefrombraddon

    Apple has recently fixed the issue on their server.

     

    Is somebody able to confirm that?

     

    Greetings Ray

  • by Steffel,

    Steffel Dec 10, 2013 6:44 AM in response to emlynuk

    Hi All,

     

    have you seen this thread:

    https://discussions.apple.com/message/23948089#23948089

     

    It seems that devimages.apple.com which is part of the ocspd process tries to download a 35MB file but only keeps the connection alive for about 7 seconds. This time is too short for most of the Internet connections to receive the full file, so the system seems to try to get the full file again and again (for 7 seconds). Some users report they have seen up to 50 times the attempt to download this file resulting in 1GB of traffic per day.

    On our server, this problem still seems to be persisting. It does not seem to be solved yet and I guess this will have to be addressed with a system update.

     

    For us this isn't a problem as we have a real Internet flatrate, but what about all the mass of people with a limited data plan in the rest of the world? I don't understand why this isn't even commented by Apple.

    This is getting Windows like! ;-)

     

    Regards

    Steffel
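
Added illustration, not part of the thread or any poster's words: a small model of the retry loop described in the post above (a 35MB file, a connection that lasts about 7 seconds), compared with a client that resumes from the last byte received. The link speeds, the attempt count used as a cap, and the resume behaviour are assumptions chosen for the model.

```python
# Added example: models the restart-from-zero retry loop described in the post.
# Only the 35 MB file size and the 7 s window come from the thread; the link
# speeds and the resumable variant are assumptions for comparison.

FILE_BYTES = 35 * 1000 * 1000   # file size reported in the thread
WINDOW_S = 7                    # seconds before the connection is dropped


def simulate(link_mbit_s, max_attempts, resumable):
    """Return (completed, attempts_used, total_bytes_transferred).

    resumable=False: every attempt restarts at byte 0, so partial data is wasted.
    resumable=True:  each attempt continues from the last byte received
                     (for example via an HTTP Range request).
    """
    per_attempt = int(link_mbit_s * 1_000_000 / 8 * WINDOW_S)  # bytes per window
    have = 0    # bytes of the file currently held
    total = 0   # bytes pulled over the link, including discarded ones
    for attempt in range(1, max_attempts + 1):
        start = have if resumable else 0
        got = min(per_attempt, FILE_BYTES - start)
        total += got
        have = start + got
        if have >= FILE_BYTES:
            return True, attempt, total
    return False, max_attempts, total


def min_link_mbit_s():
    """Slowest link that can fetch the whole file inside one window."""
    return FILE_BYTES * 8 / WINDOW_S / 1_000_000


if __name__ == "__main__":
    print(f"link needed to finish in one window: {min_link_mbit_s():.0f} Mbit/s")
    for speed in (8, 20, 50):            # assumed link speeds
        for resumable in (False, True):
            done, n, total = simulate(speed, 50, resumable)
            print(f"{speed:>3} Mbit/s resumable={resumable!s:<5} done={done!s:<5} "
                  f"attempts={n:>2} traffic={total / 1e6:7.1f} MB")
```

In this model, any link slower than the one-window threshold never completes the file without resume, so the wasted traffic grows linearly with the number of attempts.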

  • by Elrainia,

    Elrainia Dec 10, 2013 6:52 AM in response to Steffel

    Steffel wrote:

     

    I don't understand why this isn't even commented by Apple.

     

    For better or for worse, this is the way Apple has always worked and I can't see them changing anytime soon.  On the plus side, there's a pretty good chance the problem will be fixed in a future update with zero fanfare from 1 Infinite Loop.

    While I'm here....  It's a week since I turned off CRL (and leaving OCSP on) in Keychain preferences and I've had no unsolicited bandwidth usage during that time.

  • by Yacek,

    Yacek Dec 10, 2013 7:24 AM in response to emlynuk

    When I do:

    kill -STOP <pid of opendirectoryd>

     

    then the downloading stops. But this stops Safari from opening https pages.

  • by ShawnSchinkel,

    ShawnSchinkel Dec 10, 2013 7:37 AM in response to Mac_Ray

    I have been having the same problem as others. My internet usage has jumped from 1/2Gb per day to between 3 and 7Gb per day! This appears to be downloading around 18Mb approximately every 6-7 minutes. Yesterday I disabled the CRL and OCSP as was mentioned in earlier posts and my internet usage went back to normal, 1/2Gb for the last 24 hours and only 36Mb for the entire night. This morning, after reading the post by stevefrombraddon about the issue being fixed at Apple's end, I turned CRL and OCSP back on. Currently it is doing the exact same thing as before, with 18Mb downloads every 6-7 minutes and I am back up to 250Mb an hour when I am not even on the computer. The problem does not appear to be fixed at Apple's end....

  • by Elrainia,

    Elrainia Dec 10, 2013 9:33 AM in response to Elrainia

    Elrainia wrote:

     

    While I'm here....  It's a week since I turned off CRL (and leaving OCSP on) in Keychain preferences and I've had no unsolicited bandwidth usage during that time.

    Nothing like replying to your own posts

    I'd missed stevefrombraddon's post yesterday.  I've just re-enabled both OCSP and CRL on two machines and have started the waiting game again.  I'm not hopeful given ShawnSchinkel's comment.  Anyone else had any luck?

  • by Elrainia,

    Elrainia Dec 10, 2013 10:06 AM in response to Elrainia

    Elrainia wrote:

     

    I'd missed stevefrombraddon's post yesterday.  I've just re-enabled both OCSP and CRL on two machines and have started the waiting game again.  I'm not hopeful given ShawnSchinkel's comment.  Anyone else had any luck?

     

    Well that didn't take long!  Identical pattern as before which would total around 1.4Gb per machine per day. Turning CRL back off <sigh>.

  • by stevefrombraddon,

    stevefrombraddon Dec 11, 2013 7:01 PM in response to stevefrombraddon

    Well as others have discovered there's no improvement at all. I've let my iMac run for 24 hours and it's settled in to churn around 70MB an hour. I've reported back to my 'AppleCare Senior Advisor' in Manila and await his informed advice...

     

    The other thread that Steffel drew our attention to does seem to make some sense .... maybe the 'Apple Engineers' who are working on this bug will resort to outside assistance eventually

  • by nancyhil,

    nancyhil Dec 14, 2013 8:00 PM in response to emlynuk

    I was working with Apple Support when I found the exact description of my problem on this thread. From the recommendations in these posts, I tried two things:

     

    - In Keychain Access preferences, I set OCSP to "Best Attempt" and CRL to "Off."

    - I deleted the ocspd cache by entering this command in a terminal window:  sudo rm -i ~root/Library/Caches/ocspd/Cache.db

    And rebooted.

     

    My ocspd downloads immediately went from 1.5GB/day to about 100KB/day. Slight difference there! I keep watching to see if the monster comes back, but for the past week or so, it's been all good. Now I can go back to streaming movies and music again instead of watching my throughput allotment evaporate in the background.

     

    Thanks very much for these tips!

  • by bratman91,

    bratman91 Dec 16, 2013 3:03 PM in response to nancyhil

    I have been unable to find the file you list. In fact, I can't find any file or folder with a name "ocspd".

     

    Incidentally, 10.9.1 has just been released but I cannot see any reference to a fix that would address the problem described in this thread.

  • by Drew Reece,

    Drew Reece Dec 16, 2013 5:21 PM in response to bratman91

    I updated a clean install of 10.9 to 10.9.1. The prefs in Keychain Access remain the same…

     

    OCSP : Best attempt

    CRL : Best attempt

    Priority : OCSP

     

    It may be possible that the opening line of the update info covers some changes that address this.

     

    Apple wrote:

    It improves the stability, compatibility, and security of your Mac.

     

    I couldn't get the OCSP downloads to be unreasonable, so you will need to test yourselves, good luck.

  • by ascot97,

    ascot97 Dec 17, 2013 7:27 AM in response to emlynuk

    I installed 10.9.1 and set my Keychain Access preferences to:

     

    OCSP : Best attempt

    CRL : Best attempt

    Priority : OCSP

     

    The system immediately increased its download activity; back to the very high levels (50 - 100 MBytes/hour).

    10.9.1 does not fix this problem.

     

    Back to CRL : off  and patiently waiting for Apple to deliver a fix.

  • by Elrainia,

    Elrainia Dec 17, 2013 8:14 AM in response to ascot97

    Ditto.

     

    Upgraded 3 machines to 10.9.1 and they're all as bad as they ever were.  As ascot97 said, "Back to CRL: Off".

     

    I still can't believe there isn't more fuss about this.  I've looked at a number of Macs belonging to other people and they're all doing it (needless to say the owners are all slightly appalled!).  The only machine that I've not seen it on is my MBP which was the first machine I upgraded to Mavericks (not that that makes any difference!).

  • by Drew Reece,

    Drew Reece Dec 17, 2013 8:38 AM in response to Elrainia

    Elrainia wrote:

     

    I still can't believe there isn't more fuss about this.  I've looked at a number of Macs belonging to other people and they're all doing it (needless to say the owners are all slightly appalled!).  The only machine that I've not seen it on is my MBP which was the first machine I upgraded to Mavericks (not that that makes any difference!).

    The Apple apologists on here say about 320 million people have 10.9 installed. If that is true this is probably an issue that only appears if you bother to monitor data usage (or have a data cap & notice the excessive usage etc).

     

    There is a chance that it's a certain set of conditions that cause it too (such as certain combinations of migrated settings). I think the best we can hope for is enough people submit bug reports & it gets the attention of Apple.

     

    It may be worth downloading the developer releases & seeing if they resolve the issue, Apple may be more likely to bugfix if it is caught during the beta stage (just don't post details here because of the NDA).
