You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

OCSP Service using up quite a bit of bandwidth

I have been tracking down an issue regarding our ISP bandwidth usage (very high).


I believe I have found an issue with the OCSP daemon (ocspd) using up quite a bit of bandwidth for no apparent reason - my initial tests seem to show that this daemon, under Mavericks, is using about 100MB of download bandwidth per day (approx 3GB per month). This is huge considering that this process is meant to cache retrieved results (assuming of course it is getting results).


As a further test, I had 2 Macs running Mavericks and 1 running ML overnight, with all machines running RubberNet to monitor per process bandwidth.

On both Mav machines, the ocspd daemon used up the traffic as per above but ML used no bandiwdth for the same process.


The implications here is that users with bandwidth limited connections (e.g. Satallite or Mobile) will use up much of their allowance when at idle hence my interest.


Can someone verify these findings?


Just a wild thought: Perhaps because the keychain is now sent to iCloud in Mav, I wonder if the certificates are being checked more often for security reasons.


Thanks

Emlyn

iMac, OS X Mavericks (10.9)

Posted on Nov 10, 2013 5:48 AM

Reply
130 replies

Aug 7, 2017 11:29 AM in response to emlynuk

I think mine takes the cake. I didn't realize what was happening until Comcast started capping monthly data usage at 1024 Gb per month. I got a notice on day 6 that I exceeded the monthly usage! I turned off OCSP and CRL in keychain access. everything seems to be fine now.


this is data usage reported in my router. i factory reset it recently so I couldn't go back very far.

User uploaded file

monthly data usage according to comcast.

User uploaded file

Nov 1, 2018 2:28 PM in response to Drew Reece

Drew Reece wrote:


Elrainia wrote:


I still can't believe there isn't more fuss about this. I've looked at a number of Macs belonging to other people and they're all doing it (needless to say the owners are all slightly appalled!). The only machine that I've not seen it on is my MBP which was the first machine I upgraded to Mavericks (not that that makes any difference!).

The Apple apologists on here say about 320 million people have 10.9 installed. If that is true this is probably an issue that only appears if you bother to monitor data usage (or have a data cap & notice the excessive usage etc).


There is a chance that it's a certain set of conditions that cause it too (such as certain combinations of migrated settings). I think the best we can hope for is enough people submit bug reports & it gets the attention of Apple.


It may be worth downloading the developer releases & seeing if they resolve the issue, Apple may be more likly bugfix if it is caught during the beta stage (just don't post details here because of the NDA).


I only noticed it becuse I had a number of large downloads that month (including 10.9 itself) and my ISP sent a warning email about my data cap. Since the problem appears to be a seven second timeout on the client side I can't see how it would be difficult to fix.


BQ.

Nov 16, 2013 9:25 AM in response to emlynuk

The oscpd daemon has a manual page ('man ocspd' in Terminal) or…

https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man1/ocspd.1.html


I would disable iCloud on one Mac & see if it has any effect, then re-enable slowly to see which task causes it. Reboot between each test. The daemon is launched 'on demand' so it might be any task that uses SSL or the security framework that forces the update.

/System/Library/LaunchDaemons/com.apple.ocspd.plist


It may be worth checking logs for ocspd messages (Apps/Utilities/Console), incase it is having trouble saving caches.


The usual boot to recovery mode, run disk repair & permissions repair tasks might help? 🙂


I guess you could look at the certificates in Keychain Access, but I don't know where to start in cleaning them up, sorry.

Nov 17, 2013 2:24 PM in response to emlynuk

Hi


I am having the same problem with my copy of marvericks. I am seeing about 2gig per day going to ocspd. I am on limited downloads so this is becoming a big problem for me. I even had a day where I lost 8 gig but the usual amount is 2. I have taken to disconnecting my Mac when I am not using it 8-(.


I have turned off AppStore and iCloud to try an isolate but I will have to try Drew's suggestions.


Good luck

Nov 17, 2013 7:24 PM in response to emlynuk

Triple-click anywhere in the line of text below on this page to select it:


/var/db/crls


Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.


A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password. Reboot, empty the Trash, and test.

Nov 17, 2013 11:37 PM in response to clockworkapps

Acutally I found this related problem


http://www.ellenburg.org/index.php/2013/10/23/osx-10-9-mavericks-appstore-issues /


which suggests:


"So it turns out the problem is Apple is having problems with their online OCSP & CRL servers for their certificates.


Turning off CRL & OCSP checking in the Certificates Preferences in Keychain Access solved the problem."


It seems to be working for me! (until the next update)

Nov 19, 2013 10:49 AM in response to clockworkapps

Clockworkapps, THANK YOU for finding this and posting it. I have also had this issue. I am on a satellite ISP and I was using over a gig a day. My 15 was not going to last very long! Also I had no idea where the data was going--I wasn't doing anything different from the last 11 months and I had never gone over my limit before. I suspected iOS7 upgrade, which might also have been using a lot of data, but this fix on my Mac did the trick.


I want to URGE Apple to fix this because I do not like having these items turned off--not good for safe surfing. How will we know if we can turn them back on?


I would have never looked at this or known to turn off the CRL and OCSP. Thanks for posting. I have also posted this fix on my satellite ISP's forum. They didn't know how to fix this when I called them.

Nov 28, 2013 4:20 AM in response to Linc Davis

Thanks for the suggestions.


I foolishly installed Mavericks on a Mini server and went on holiday for 10 days shortly after, came back to over-quota messages from my ISP. The increase in usage for me started around the 7th Nov, but I installed Mavericks on the 25th October, so not 100% certain Mavericks is the cause. Also, when I look at Purchases in App Store Mavericks says "Download" rather than "Installed" (which it says for everything else). Anyone else get that? Perhaps the upgrade didn't complete properly, although the machine says it's running 10.9.


Deleting the contents of /var/db/crls reduced my daily ocspd consumption from up to 8GB to around 1GB.


Turning off iCloud sync of Keychain and a few other things dropped it to ~100MB a day, so getting better but still uncool on limited quota and bandwidth.


I am loath to turn off checking altogether, but it's looking like that or ditching iCloud next.


Any other ideas?

Nov 28, 2013 4:48 AM in response to undertheappletree

Interesting to see so many people suffering the same problem and some worse than me.


As others have mentioned, turning off certificate validation is probably a bad thing but in the meantime we have to manage our bandwidth.


I purchased Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) to look at the problem in more detail including packet sniffing - unfortunately, the OCSP daemon is only acting as a proxy for other processes requesting certificate credentials but there appears to be no visability to which processes these are (although some are obviously, like when you start XCode).


Little Snitch (LS) allows you to block inividial processes/connections (or ask you) so what I have implemented to manage the bandwidth is get LS to ask me if I want to allow a particular external call from OCSP to an external provider. When it asks, you can make that permission perminant or not, so from the traffic info I can see in LS, I am now letting most requests through by default but blocking (asking) some of the big ones in particular developer.apple.com.


It's a bit of a pain to start, but only getting about 3 or 4 'ask' requests from LS now per day and bandwidth usage for that process down to about 200KB per day so workable.


Not sure how Apple is going to handle this one. It seems to me they are have a duty to check if certificates have been revoked, but the cost is huge in terms of bandwidth. Unfortunately, the fact that Apple almost expect unlimited bandwidth with all their online updates (e.g. IOS > 1GB, Pages > 300MB etc), the bandwidth here is liklely to be generally small and low priority for them.


As Apple never seem to contribute to these conversations (but I am sure they are listening) does anyone have any sensible suggestions...


Emlyn.

Nov 29, 2013 5:44 PM in response to emlynuk

I'm running an iMac in a single person business off an ethernet connection and also have had a huge increase in data usage. My normal 10GB monthly allowance got sucked out in 14 days last month. [My normal usage is about 100-200MB a day]. It started shortly after Maverics was installed..... 600-800Mb a day then rising to 1200-1500MB a day.


I have made 4-5 calls to Apple and hours of my time and no solution. The last lady suggested that I just unplug my ethernet cable when I go home each night... great problem solver! Recent nights I have quit all applications and yesterday evening signed out of iCloud to eliminate that as a possibility. This all seems to have accellerated the usage to a further ..... 2GB yesterday and now 3.5GB since midnight to noon.


Thanks clockworkapps for the heads up on the OCSP & CRL option. I've found them and turned them off ... hope it works and a beer for you if it does!


Cheers Steve

OCSP Service using up quite a bit of bandwidth

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.