OCSP Service using up quite a bit of bandwidth

I upgraded my imac with the server app and mavericks. I have not noticed any increase in traffic. So in reading these posts I checked the keychain preferences and under the Certificates tab both OCSP and CRL are in the default(??) position of 'off'. I say default since I never looked at this before and had thus made no change. My internet traffic does show a pulse of about 3 minutes (someone else reported 2.5 minute) but the data volume is very very low.

So maybe just fxing the Certificate preferences as above will fix??

Another update from my Apple man.... he says;

"I have received an update from our Engineering that Apple has recently fixed the issue on their server. Kindly turn back the OCSP and CRL back from the Keychain Preferences again and we’ll observe the behavior. Please carefully check the data usage after you turn this on to avoid any high consumption on your data just in case if issue still persist. Thanks Steve!"

I'm game ... so we will see what happens.

Thanks for the input from everyone out there.

Steve

Apple has recently fixed the issue on their server.

Somebody is able to confirm that?

Greetings Ray

Hi All,

have you seen this thread:

https://discussions.apple.com/thread/5578275?answerId=23948089022#23948089022

It seems that devimages.apple.com which is part of the ocspd process tries to download a 35MB file but only keeps the connection alive for about 7 seconds. This time is too short for most of the Internet conncetions to receive the full file, so the system seems to try to get the full file again and again (for 7 seconds). Some users report they have seen up to 50 times the attempt to download this file resulting in 1GB of traffic per day.

On our server, this problem still seems to be persisting. It does not seem to be solved yet and I guess this will have to be adressed with a system update.

For us this isn't a problem as we have a real Internet flatrate, but what about all the mass of people with a limited data plan in the rest of the world? I don't understand why this isn't even commented by Apple.

This is getting Windows like! ;-)

Regards

Steffel

Steffel wrote:

I don't understand why this isn't even commented by Apple.

For better or for worse, this is the way Apple has always worked and I can't see them changing anytime soon. On the plus side, there's a pretty good chance the problem will be fixed in a future update with zero fanfare from 1 Infinte Loop.

While I'm here.... It's a week since I turned off CRL (and leaving OCSP on) in Keychain preferences and I've had no unsolicited bandwidth usage duing that time.

When I do:

kill -STOP <pid of opendirectoryd>

then the downloading stops. But this stops Safari from opening https pages.

I have been having the same problem as others. My internet usage has jumped from 1/2Gb per day to between 3 and 7Gb per day! This appears to be downloading around 18Mb approximately every 6-7 minutes. Yesterday I disabled the CRL and OCSP as was mentioned in earlier posts and my internet usage went back to normal, 1/2Gb for the last 24 hours and only 36Mb for the entire night. This morning, after reading the post by stevefrombraddon about the issue being fixed at Apple's end, I turned CRL and OCSP back on. Currently it is doing the exact same thing as before, with 18Mb downloads every 6-7 minutes and I am back up to 250Mb an hour when I am not even on the computer. The problem does not appear to be fixed at Apple's end....

Elrainia wrote:

While I'm here.... It's a week since I turned off CRL (and leaving OCSP on) in Keychain preferences and I've had no unsolicited bandwidth usage duing that time.

Nothing like replying to your own posts 😁

I'd missed stevefrombraddon's post yesterday. I've just renabled both OCSP and CRL on two machines and have started the waiting game again. I'm not hopeful given ShawnSchinkel's comment. Anyone else had any luck?

Elrainia wrote:

I'd missed stevefrombraddon's post yesterday. I've just renabled both OCSP and CRL on two machines and have started the waiting game again. I'm not hopeful given ShawnSchinkel's comment. Anyone else had any luck?

Well that didn't take long! Identical pattern as before which would total around 1.4Gb per machine per day. Turning CRL back off <sigh>.

Well as others have discovered there's no improvement at all. I've let my iMac run for 24hours and it's settled in to churn around 70MB an hour. I've reported back to my 'AppleCare Senior Advisor' in Manilla and await his informed advice...

The other thread that Steffel drew our attention to does seem to make some sense .... maybe the 'Apple Engineers' who are working on this bug will resort to outside assistance eventually 😕

I was working with Apple Support when I found the exact description of my problem on this thread. From the recommendations in these posts, I tried two things:

- In Keychain Access preferences, I set ocsp to "Best Attempt" and CLR to "Off."

- I deleted the ocspd cache by entering this command in a terminal window: sudo rm -i ~root/Library/Caches/ocspd/Cache.db

And rebooted.

My ocspd downloads immediately went from 1.5GB/day to about 100KB/day. Slight difference there! I keep watching to see if the monster comes back, but for the past week or so, it's been all good. Now I can go back to streaming movies and music again instead of watching my throughput allotment evaporate in the background.

Thanks very much for these tips!

I have been unable to find the file you list. In fact, I can't find any file or folder with a name "ocspd".

Incidentally, 10.9.1 has just been released but I cannot see any reference to a fix that would address the problem described in this thread.

I updated a clean install of 10.9 to 10.9.1. The prefs in Keychain Access remain the same…

OCSP : Best attempt

CRL : Best attempt

Priority : OCSP

It may be possible that the opening line of the update info covers some changes that address this.

Apple wrote:

It improves the stability, compatibility, and security of your Mac.

I couldn't get the OCSP downloads to be unreasonable, so you will need to test yourselves, good luck.

I installed 10.9.1 and set my Keychain Access preferences to:

OCSP : Best attempt

CRL : Best attempt

Priority : OCSP

The system immediately increased its download activity; back to the very high levels (50 - 100 MBytes/hour).

Mbytes

10.9.1 does not fix this problem.

Back to CRL : off and patiently waiting for Apple to deliver a fix.

Ditto.

Upgraded 3 machines to 10.9.1 and they're all as bad as they ever were. As ascot97 said, "Back to CRL: Off".

I still can't believe there isn't more fuss about this. I've looked at a number of Macs belonging to other people and they're all doing it (needless to say the owners are all slightly appalled!). The only machine that I've not seen it on is my MBP which was the first machine I upgraded to Mavericks (not that that makes any difference!).