iOS TLS/SSL Handshake Adding Overhead to F5 VPN Connections

Originator:AgnosticDev
Number:rdar://452145415 Date Originated:6.20.2017
Status:open Resolved:no
Product:iOS Product Version:10.3.2 (14F89)
Classification:Network Reproducible:Always
 
Summary:
I am seeing increased overhead in TLS handshakes from the iPad device to the server over VPN.  The device VPN we are using is F5 and our application is distributed through a mobile device management system (AirWatch). The iPad application has a lot of networking activity running under the hood and the current server configuration requires the application to make a SSL handshake on every network request going through the F5 VPN to the server.  Many the TLS/SSL handshakes that are made between the device and the server happen within the 100-250ms range.  However, there are many that take between 400-600ms also to complete.  My concern is that with the large amount of networking requests that are made, and with a TLS handshake on every request, is there anything that can be done to reduce the overhead in the TLS/SSL handshake? 

Device Configuration:
1. Cellular connected iPad Air 2 (iOS 10.3.2) with AirWatch (MDM).
2. Connect on Demand with F5 BIG-IP VPN.

Observations:
1. Upon opening the application observe 100+ network connections being run through the VPN in the background.
2. From the device logs observe variable TLS/SSL handshake times ranging anywhere from 100ms to 600ms.


Version:
10.3.2  (14F89)

Notes:
WiFi connections observe similar TLS overhead but not as significant.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!