Preparing your F5 for new TLS requirements in Apple iOS 9 and OS X 10.11

Apple is dropping new versions of its popular iOS and OS X operating systems. iOS Version 9 for iPhones, iPod Touches, and iPads arrives Wednesday, September 16, 2015.  Version 10.11 of OS X will land about a week later.

Both releases enforce a stricter set of cryptographic requirements, by default, in their application networking libraries.

According to this iOS 9.0 technote, by default, applications (“apps”) that use Apple’s underlying communication libraries will now require the following cryptographic characteristics for all new network connections:

  • The server must support at least TLS version 1.2.
  • Connection ciphers are limited to those that provide forward secrecy.
  • Certificates with weak signatures will result in a hard failure and no connection. Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048-bit or greater RSA key or a 256-bit or greater Elliptic Curve Cryptography (ECC) key.

Because the new requirements are on by default in the App Transport Security (ATS) library, they will improve the security of network communication for the vast library of applications in the Apple ecosystem. 

Application developers can override these defaults (if they wish) and weaken their application's security posture by pushing out a single XML file to their mobile clients. But hopefully that won’t be necessary.

It is not clear yet whether some of the popular Apple apps such as the Mail client or Safari will have these requirements. It is assumed not since they weren’t mentioned, but the world won’t know for sure until Wednesday.

How does this affect F5 customers?

F5 customers who publish an application in the Apple App Store will need to pay heed. Those who don’t have apps in the Apple store also need to pay heed. Some apps will connect to third party servers (for example, ad server networks) to retrieve content. Any site that might have Apple application traffic is advised to watch for traffic reduction starting on Wednesday.

In order to meet the new Apple ATS requirements, an F5 customer should be running BIG-IP version 11.5.0 or later (11.5.x or 11.6.x). According to DC user and article ghost writer David Remington, the minimum version that will work is 11.4.0, but it supports only a single ATS-compatible cipher (see the table below).

Supported ATS Cipher                         BIG-IP 11.4+   BIG-IP 11.5+   BIG-IP 11.6+
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA           X              X              X
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384                       X              X
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256                       X              X
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA                        X              X
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256                     X              X
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA                        X              X
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384                       X              X
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256                       X              X
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384                     X              X
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256                     X              X
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384                     X              X

*ECDSA ciphers are supported by BIG-IP but are not on by default
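To turn the three ATS requirements and the cipher table above into something an administrator can run against a virtual server, here is an added Python helper (not part of this article and not F5 or Apple code). It builds a client that offers only what ATS accepts (TLS 1.2 and the eleven forward-secret suites in the table), so a failed handshake means default ATS apps would fail too; the IANA-to-OpenSSL name mapping and the certificate rule-of-thumb are my own, and the probe() target is whatever host you pass in.

```python
import socket
import ssl

# The eleven ATS-compatible suites from the table above, by IANA name.
ATS_SUITES = (
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
)

def iana_to_openssl(name: str) -> str:
    """IANA suite name -> OpenSSL name as used in a cipher string.
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA becomes ECDHE-RSA-AES128-SHA."""
    core = name.removeprefix("TLS_").replace("_WITH", "").replace("_CBC", "")
    return core.replace("AES_", "AES").replace("_", "-")

def ats_client_context() -> ssl.SSLContext:
    """Client context offering only what ATS accepts: TLS 1.2 (TLS 1.3 did not
    exist in 2015, so it is pinned here) and the forward-secret ECDHE suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(iana_to_openssl(s) for s in ATS_SUITES))
    return ctx

def enabled_ats_ciphers() -> list:
    """OpenSSL names of the ATS suites the local OpenSSL build can offer."""
    return [c["name"] for c in ats_client_context().get_ciphers()
            if c["protocol"] == "TLSv1.2"]

def cert_meets_ats(sig_hash_bits: int, key_type: str, key_bits: int) -> bool:
    """Signature hash SHA256 or better, and RSA >= 2048 or EC >= 256 bits."""
    minimum = {"RSA": 2048, "EC": 256}.get(key_type.upper())
    return sig_hash_bits >= 256 and minimum is not None and key_bits >= minimum

def probe(host: str, port: int = 443) -> str:
    """Handshake with host using the ATS-only context; return the suite chosen."""
    with socket.create_connection((host, port), timeout=5) as sock:
        with ats_client_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()[0]
```

If probe() raises ssl.SSLError, the server offers no TLS 1.2 forward-secrecy suite from the table; if it returns a suite, compare the certificate's signature hash and key size against cert_meets_ats() to cover the third requirement.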

Regarding Performance

Some ciphers will present measurable CPU spikes during bursts of TLS handshakes. Short TLS sessions coupled with a high rate of new TLS sessions may commandeer general CPU cycles that were otherwise dedicated to application delivery tasks like layer 7 policy or Bitcoin mining (jk). Some customers who have made similar switches have reported slight increases in CPU load, but within their tolerance. Other customers have reported significantly higher CPU loads when preferring forward secrecy ciphers.

As iOS 9 spreads around the globe, administrators should watch their F5 dashboards for significant increases in CPU usage. They can then check here for more information—F5 might be able to provide guidance on crafting more efficient, yet still ATS-compliant cipher strings.

What about BIG-IP version 10.x?

Customers who are still running the trusty old versions 10.2.x of BIG-IP are advised to upgrade! Jumping from version 10.2.3 to version 11.6.0 is a non-trivial upgrade path so the more preparation, the better. Customers running version 10.x are advised to contact their F5 partner and refer them to this blog entry. 

A Safer Internet

One reason people hate change is because sometimes change hurts. Hopefully this week won't be one of those times. If Apple's new server requirements do not cause too much disruption then ultimately, this change will benefit the Internet community as a whole. 

Useful Links:

Published Sep 15, 2015
Version 1.0


3 Comments

  • David_Holmes_12 (Historic F5 Account)
    If you need to search your network for servers that might still be running SSLv3, check out this nMap script. https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
  • Based on significant experience with a wide array of customers I would highly recommend 11.5.3 over 11.6.0. Version 11.5.3 has long term support, a lot of product development attention (lots of issues being addressed) and is very stable for core functionality. 11.6.0 does have some new features, which may appeal to you, but I would only recommend 11.6.0 if the new features are requirements.