iOS TLS/SSL Handshake Adding Overhead to F5 VPN Connections

Originator:unnamedd
Number:rdar://33330595 Date Originated:14-Jul-2017 10:59 PM
Status:Open Resolved:
Product:iOS + SDK Product Version:10.3.2 (14F89)
Classification:Security Reproducible:Always
 
Summary:
This is a duplicate of radar #452145415

I am seeing increased overhead in TLS handshakes from the iPad device to the server over VPN.  The device VPN we are using is F5 and our application is distributed through a mobile device management system (AirWatch). The iPad application has a lot of networking activity running under the hood and the current server configuration requires the application to make a SSL handshake on every network request going through the F5 VPN to the server.  Many the TLS/SSL handshakes that are made between the device and the server happen within the 100-250ms range.  However, there are many that take between 400-600ms also to complete.  My concern is that with the large amount of networking requests that are made, and with a TLS handshake on every request, is there anything that can be done to reduce the overhead in the TLS/SSL handshake? 

Device Configuration:
1. Cellular connected iPad Air 2 (iOS 10.3.2) with AirWatch (MDM).
2. Connect on Demand with F5 BIG-IP VPN.

Observations:
1. Upon opening the application observe 100+ network connections being run through the VPN in the background.
2. From the device logs observe variable TLS/SSL handshake times ranging anywhere from 100ms to 600ms.


Steps to Reproduce:
 

Expected Results:
 

Actual Results:
 

Version:
10.3.2 (14F89)

Notes:
WiFi connections observe similar TLS overhead but not as significant.

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!