OCSP Service using up quite a bit of bandwidth

I have been tracking down an issue regarding our ISP bandwidth usage (very high).


I believe I have found an issue with the OCSP daemon (ocspd) using up quite a bit of bandwidth for no apparent reason - my initial tests seem to show that this daemon, under Mavericks, is using about 100MB of download bandwidth per day (approx 3GB per month). This is huge considering that this process is meant to cache retrieved results (assuming of course it is getting results).


As a further test, I had 2 Macs running Mavericks and 1 running ML overnight, with all machines running RubberNet to monitor per process bandwidth.

On both Mav machines, the ocspd daemon used up the traffic as per above but ML used no bandwidth for the same process.


The implication here is that users with bandwidth limited connections (e.g. satellite or mobile) will use up much of their allowance when at idle, hence my interest.


Can someone verify these findings?


Just a wild thought: Perhaps because the keychain is now sent to iCloud in Mav, I wonder if the certificates are being checked more often for security reasons.


Thanks

Emlyn

iMac, OS X Mavericks (10.9)

Posted on Nov 10, 2013 5:48 AM

130 replies

Dec 9, 2013 7:12 PM in response to bdiamond18

I upgraded my iMac with the server app and Mavericks. I have not noticed any increase in traffic. So in reading these posts I checked the keychain preferences and under the Certificates tab both OCSP and CRL are in the default(??) position of 'off'. I say default since I never looked at this before and had thus made no change. My internet traffic does show a pulse of about 3 minutes (someone else reported 2.5 minutes) but the data volume is very very low.

So maybe just fixing the Certificate preferences as above will fix??

Dec 9, 2013 10:14 PM in response to emlynuk

Another update from my Apple man.... he says;


"I have received an update from our Engineering that Apple has recently fixed the issue on their server. Kindly turn the OCSP and CRL back on from the Keychain Preferences again and we’ll observe the behavior. Please carefully check the data usage after you turn this on to avoid any high consumption on your data just in case the issue still persists. Thanks Steve!"


I'm game ... so we will see what happens.


Thanks for the input from everyone out there.


Steve

Dec 10, 2013 6:44 AM in response to emlynuk

Hi All,


have you seen this thread:

https://discussions.apple.com/thread/5578275?answerId=23948089022#23948089022


It seems that devimages.apple.com, which is part of the ocspd process, tries to download a 35MB file but only keeps the connection alive for about 7 seconds. This time is too short for most Internet connections to receive the full file, so the system seems to try to get the full file again and again (for 7 seconds). Some users report they have seen up to 50 attempts to download this file, resulting in 1GB of traffic per day.

On our server, this problem still seems to be persisting. It does not seem to be solved yet and I guess this will have to be addressed with a system update.


For us this isn't a problem as we have a real Internet flatrate, but what about all the mass of people with a limited data plan in the rest of the world? I don't understand why this isn't even commented by Apple.

This is getting Windows like! ;-)


Regards

Steffel
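
A way to confirm the retry pattern described in the post above from proxy or flow logs, as an added example that is not part of the original thread: it groups transfers by URL and flags objects that are fetched repeatedly without any attempt ever completing. The log format, the placeholder path, the second host, and all byte counts and timestamps are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records, not real captures. Fields: epoch seconds, URL,
# bytes received, seconds the connection stayed open, advertised size in bytes.
# The path and the second host are placeholders; sizes are illustrative.
SAMPLE_LOG = """\
1386662400 http://devimages.apple.com/PLACEHOLDER.crl 18874368 7.1 36700160
1386662790 http://devimages.apple.com/PLACEHOLDER.crl 18350080 7.0 36700160
1386663000 http://ocsp.example.invalid/status 1843 0.2 1843
1386663185 http://devimages.apple.com/PLACEHOLDER.crl 19398656 7.2 36700160
1386663570 http://devimages.apple.com/PLACEHOLDER.crl 18874368 6.9 36700160
"""

def parse(log):
    """Turn whitespace-separated log lines into dicts."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, url, got, dur, total = line.split()
        records.append({"ts": int(ts), "url": url, "got": int(got),
                        "dur": float(dur), "total": int(total)})
    return records

def find_retry_loops(records, min_attempts=3):
    """Flag URLs fetched repeatedly where no attempt ever completed."""
    by_url = defaultdict(list)
    for rec in records:
        by_url[rec["url"]].append(rec)
    findings = []
    for url, recs in by_url.items():
        recs.sort(key=lambda r: r["ts"])
        truncated = [r for r in recs if r["got"] < r["total"]]
        if len(truncated) < min_attempts or len(truncated) < len(recs):
            continue  # too few attempts, or at least one full download
        gaps = [b["ts"] - a["ts"] for a, b in zip(recs, recs[1:])]
        findings.append({
            "url": url,
            "attempts": len(recs),
            "wasted_bytes": sum(r["got"] for r in recs),
            "mean_gap_s": sum(gaps) / len(gaps),
            "longest_conn_s": max(r["dur"] for r in recs),
        })
    return findings

if __name__ == "__main__":
    for finding in find_retry_loops(parse(SAMPLE_LOG)):
        print(finding)
```
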

Dec 10, 2013 6:52 AM in response to Steffel

Steffel wrote:


I don't understand why this isn't even commented by Apple.


For better or for worse, this is the way Apple has always worked and I can't see them changing anytime soon. On the plus side, there's a pretty good chance the problem will be fixed in a future update with zero fanfare from 1 Infinite Loop.


While I'm here.... It's a week since I turned off CRL (and leaving OCSP on) in Keychain preferences and I've had no unsolicited bandwidth usage during that time.

Dec 10, 2013 7:37 AM in response to Mac_Ray

I have been having the same problem as others. My internet usage has jumped from 1/2Gb per day to between 3 and 7Gb per day! This appears to be downloading around 18Mb approximately every 6-7 minutes. Yesterday I disabled the CRL and OCSP as was mentioned in earlier posts and my internet usage went back to normal, 1/2Gb for the last 24 hours and only 36Mb for the entire night. This morning, after reading the post by stevefrombraddon about the issue being fixed at Apple's end, I turned CRL and OCSP back on. Currently it is doing the exact same thing as before, with 18Mb downloads every 6-7 minutes and I am back up to 250Mb an hour when I am not even on the computer. The problem does not appear to be fixed at Apple's end....

Dec 10, 2013 9:33 AM in response to Elrainia

Elrainia wrote:


While I'm here.... It's a week since I turned off CRL (and leaving OCSP on) in Keychain preferences and I've had no unsolicited bandwidth usage during that time.


Nothing like replying to your own posts 😁


I'd missed stevefrombraddon's post yesterday. I've just re-enabled both OCSP and CRL on two machines and have started the waiting game again. I'm not hopeful given ShawnSchinkel's comment. Anyone else had any luck?

Dec 10, 2013 10:06 AM in response to Elrainia

Elrainia wrote:


I'd missed stevefrombraddon's post yesterday. I've just re-enabled both OCSP and CRL on two machines and have started the waiting game again. I'm not hopeful given ShawnSchinkel's comment. Anyone else had any luck?


Well that didn't take long! Identical pattern as before which would total around 1.4Gb per machine per day. Turning CRL back off <sigh>.

Dec 11, 2013 7:01 PM in response to stevefrombraddon

Well, as others have discovered, there's no improvement at all. I've let my iMac run for 24 hours and it's settled in to churn around 70MB an hour. I've reported back to my 'AppleCare Senior Advisor' in Manila and await his informed advice...


The other thread that Steffel drew our attention to does seem to make some sense .... maybe the 'Apple Engineers' who are working on this bug will resort to outside assistance eventually 😕

Dec 14, 2013 8:00 PM in response to emlynuk

I was working with Apple Support when I found the exact description of my problem on this thread. From the recommendations in these posts, I tried two things:


- In Keychain Access preferences, I set OCSP to "Best Attempt" and CRL to "Off."

- I deleted the ocspd cache by entering this command in a terminal window: sudo rm -i ~root/Library/Caches/ocspd/Cache.db

And rebooted.


My ocspd downloads immediately went from 1.5GB/day to about 100KB/day. Slight difference there! I keep watching to see if the monster comes back, but for the past week or so, it's been all good. Now I can go back to streaming movies and music again instead of watching my throughput allotment evaporate in the background.


Thanks very much for these tips!

Dec 16, 2013 5:21 PM in response to bratman91

I updated a clean install of 10.9 to 10.9.1. The prefs in Keychain Access remain the same…


OCSP : Best attempt

CRL : Best attempt

Priority : OCSP


It may be possible that the opening line of the update info covers some changes that address this.


Apple wrote:

It improves the stability, compatibility, and security of your Mac.


I couldn't get the OCSP downloads to be unreasonable, so you will need to test yourselves, good luck.

Dec 17, 2013 7:27 AM in response to emlynuk

I installed 10.9.1 and set my Keychain Access preferences to:


OCSP : Best attempt

CRL : Best attempt

Priority : OCSP


The system immediately increased its download activity; back to the very high levels (50 - 100 MBytes/hour).

10.9.1 does not fix this problem.


Back to CRL : off and patiently waiting for Apple to deliver a fix.

Dec 17, 2013 8:14 AM in response to ascot97

Ditto.


Upgraded 3 machines to 10.9.1 and they're all as bad as they ever were. As ascot97 said, "Back to CRL: Off".


I still can't believe there isn't more fuss about this. I've looked at a number of Macs belonging to other people and they're all doing it (needless to say the owners are all slightly appalled!). The only machine that I've not seen it on is my MBP which was the first machine I upgraded to Mavericks (not that that makes any difference!).
