

Question: OCSP Service using up quite a bit of bandwidth

I have been tracking down an issue regarding our ISP bandwidth usage (very high).


I believe I have found an issue with the OCSP daemon (ocspd) using up quite a bit of bandwidth for no apparent reason - my initial tests seem to show that this daemon, under Mavericks, is using about 100MB of download bandwidth per day (approx 3GB per month). This is huge considering that this process is meant to cache retrieved results (assuming of course it is getting results).


As a further test, I had 2 Macs running Mavericks and 1 running ML overnight, with all machines running RubberNet to monitor per process bandwidth.

On both Mav machines, the ocspd daemon used up the traffic as per above but ML used no bandwidth for the same process.


The implication here is that users with bandwidth limited connections (e.g. Satellite or Mobile) will use up much of their allowance when at idle hence my interest.


Can someone verify these findings?


Just a wild thought: Perhaps because the keychain is now sent to iCloud in Mav, I wonder if the certificates are being checked more often for security reasons.


Thanks

Emlyn

iMac, OS X Mavericks (10.9)

Posted on Nov 10, 2013 5:48 AM


Nov 16, 2013 9:25 AM in response to emlynuk

The ocspd daemon has a manual page ('man ocspd' in Terminal) or…

https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/ocspd.1.html


I would disable iCloud on one Mac & see if it has any effect, then re-enable slowly to see which task causes it. Reboot between each test. The daemon is launched 'on demand' so it might be any task that uses SSL or the security framework that forces the update.

/System/Library/LaunchDaemons/com.apple.ocspd.plist


It may be worth checking logs for ocspd messages (Apps/Utilities/Console), in case it is having trouble saving caches.


The usual boot to recovery mode, run disk repair & permissions repair tasks might help? 🙂


I guess you could look at the certificates in Keychain Access, but I don't know where to start in cleaning them up, sorry.


Nov 17, 2013 2:24 PM in response to emlynuk

Hi


I am having the same problem with my copy of Mavericks. I am seeing about 2gig per day going to ocspd. I am on limited downloads so this is becoming a big problem for me. I even had a day where I lost 8 gig but the usual amount is 2. I have taken to disconnecting my Mac when I am not using it 8-(.


I have turned off AppStore and iCloud to try and isolate but I will have to try Drew's suggestions.


Good luck


Nov 17, 2013 7:24 PM in response to emlynuk

Triple-click anywhere in the line of text below on this page to select it:


/var/db/crls


Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select Go > Go to Folder... from the menu bar and paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.


A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password. Reboot, empty the Trash, and test.


Nov 17, 2013 11:37 PM in response to clockworkapps

Actually I found this related problem


http://www.ellenburg.org/index.php/2013/10/23/osx-10-9-mavericks-appstore-issues/


which suggests:


"So it turns out the problem is Apple is having problems with their online OCSP & CRL servers for their certificates.


Turning off CRL & OCSP checking in the Certificates Preferences in Keychain Access solved the problem."


It seems to be working for me! (until the next update)


Nov 19, 2013 10:49 AM in response to clockworkapps

Clockworkapps, THANK YOU for finding this and posting it. I have also had this issue. I am on a satellite ISP and I was using over a gig a day. My 15 was not going to last very long! Also I had no idea where the data was going--I wasn't doing anything different from the last 11 months and I had never gone over my limit before. I suspected iOS7 upgrade, which might also have been using a lot of data, but this fix on my Mac did the trick.


I want to URGE Apple to fix this because I do not like having these items turned off--not good for safe surfing. How will we know if we can turn them back on?


I would have never looked at this or known to turn off the CRL and OCSP. Thanks for posting. I have also posted this fix on my satellite ISP's forum. They didn't know how to fix this when I called them.


Nov 26, 2013 12:35 PM in response to clockworkapps

Brilliant - I would never have found this - I have RubberNet monitoring everything and Little Snitch locking everything down and still saw large amounts of my precious Satellite bandwidth being eaten up even with only "essential Apple services" running - and it looks like ocspd was most of it.


Nov 28, 2013 4:20 AM in response to Linc Davis

Thanks for the suggestions.


I foolishly installed Mavericks on a Mini server and went on holiday for 10 days shortly after, came back to over-quota messages from my ISP. The increase in usage for me started around the 7th Nov, but I installed Mavericks on the 25th October, so not 100% certain Mavericks is the cause. Also, when I look at Purchases in App Store Mavericks says "Download" rather than "Installed" (which it says for everything else). Anyone else get that? Perhaps the upgrade didn't complete properly, although the machine says it's running 10.9.


Deleting the contents of /var/db/crls reduced my daily ocspd consumption from up to 8GB to around 1GB.


Turning off iCloud sync of Keychain and a few other things dropped it to ~100MB a day, so getting better but still uncool on limited quota and bandwidth.


I am loath to turn off checking altogether, but it's looking like that or ditching iCloud next.


Any other ideas?


Nov 28, 2013 4:48 AM in response to undertheappletree

Interesting to see so many people suffering the same problem and some worse than me.


As others have mentioned, turning off certificate validation is probably a bad thing but in the meantime we have to manage our bandwidth.


I purchased Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) to look at the problem in more detail including packet sniffing - unfortunately, the OCSP daemon is only acting as a proxy for other processes requesting certificate credentials but there appears to be no visibility to which processes these are (although some are obvious, like when you start XCode).


Little Snitch (LS) allows you to block individual processes/connections (or ask you) so what I have implemented to manage the bandwidth is get LS to ask me if I want to allow a particular external call from OCSP to an external provider. When it asks, you can make that permission permanent or not, so from the traffic info I can see in LS, I am now letting most requests through by default but blocking (asking) some of the big ones in particular developer.apple.com.


It's a bit of a pain to start, but only getting about 3 or 4 'ask' requests from LS now per day and bandwidth usage for that process down to about 200KB per day so workable.


Not sure how Apple is going to handle this one. It seems to me they have a duty to check if certificates have been revoked, but the cost is huge in terms of bandwidth. Unfortunately, the fact that Apple almost expect unlimited bandwidth with all their online updates (e.g. IOS > 1GB, Pages > 300MB etc), the bandwidth here is likely to be generally small and low priority for them.


As Apple never seem to contribute to these conversations (but I am sure they are listening) does anyone have any sensible suggestions...


Emlyn.


Nov 29, 2013 5:44 PM in response to emlynuk

I'm running an iMac in a single person business off an ethernet connection and also have had a huge increase in data usage. My normal 10GB monthly allowance got sucked out in 14 days last month. [My normal usage is about 100-200MB a day]. It started shortly after Mavericks was installed..... 600-800Mb a day then rising to 1200-1500MB a day.


I have made 4-5 calls to Apple and hours of my time and no solution. The last lady suggested that I just unplug my ethernet cable when I go home each night... great problem solver! Recent nights I have quit all applications and yesterday evening signed out of iCloud to eliminate that as a possibility. This all seems to have accelerated the usage to a further ..... 2GB yesterday and now 3.5GB since midnight to noon.


Thanks clockworkapps for the heads up on the OCSP & CRL option. I've found them and turned them off ... hope it works and a beer for you if it does!


Cheers Steve


Nov 29, 2013 8:04 PM in response to clockworkapps

Thanks for the tip, I'm having the same problem with my iMac (mid 2011). This is costing me a fortune in fees from my ISP for exceeding my monthly data quota. I have turned off the OCSP & CRL and I'll be watching very closely the data movement in the Activity Monitor.


Something doesn't jive though, and I hope this helps somebody find the source of the problem: I also have a MacBook Air (mid 2011) also running Mavericks and it doesn't have that problem. If it would be a server issue, both computers would have the same problem. I can't find anything different between the settings of these 2 computers that would explain the different behaviours.


Nov 30, 2013 4:31 PM in response to pierrefromsherrington

For those of you wondering how to achieve this:


"Turning off CRL & OCSP checking in the Certificates Preferences in Keychain Access solved the problem."


Simply set the options to "OFF" in Certificates tab in Keychain Preferences.
