
Monday 7 March 2016

Network security schemes supported by iOS 9 - Network security

Network security technologies built into iOS ensure that users are authorized and that their data is protected during transmission over Wi-Fi and cellular connections.
iOS network security supports:
  • Built-in Cisco IPSec, IKEv2, L2TP, PPTP
  • SSL VPN via App Store apps
  • Transport Layer Security (TLS v1.0, TLS v1.1, TLS v1.2) and DTLS
  • SSL/TLS with X.509 certificates
  • WPA/WPA2 Enterprise with 802.1X
  • Certificate-based authentication
  • RSA SecurID, CRYPTOCard
VPN
Many enterprise environments have some form of virtual private network (VPN). These VPN services typically require minimal setup and configuration to work with Apple devices, which integrate with many commonly used VPN technologies.
For more information, see the VPN overview section of this reference.
IPSec
iOS and OS X support IPSec protocols and authentication methods. For more information, see the Supported protocols and authentication methods section of this reference.
SSL/TLS
iOS supports SSL v3 and Transport Layer Security (TLS v1.0, 1.1, and 1.2). Safari, Calendar, Mail, and other Internet apps automatically use these to enable an encrypted communication channel between iOS and OS X and corporate services.
iOS 9 or later and OS X El Capitan or later require a 1024-bit or larger group when negotiating a TLS/SSL connection with Diffie-Hellman key exchange.
iOS 9 or later and OS X El Capitan or later also add support for TLS v1.2 in 802.1X authentication. Authentication servers that support TLS v1.2 may require updates for compatibility:
  • FreeRADIUS: Update to version 2.2.7 or 3.0.8
  • Aruba ClearPass: Update to version 6.5.2
  • Other Aruba products: Update to ArubaOS 6.4.2.9
For more information about SSL and TLS, go to the Apple Support article Use modern cryptographic practices when setting up SSL and TLS services on your server.
WPA/WPA2
Apple devices support WPA2 Enterprise to provide authenticated access to your enterprise wireless network. WPA2 Enterprise uses 128-bit Advanced Encryption Standard (AES) encryption, so user data is protected when communicating over a Wi-Fi network.
With support for 802.1X, iOS devices can be integrated into a broad range of RADIUS authentication environments. iOS supports 802.1X wireless authentication protocols, including:
  • IKEv2
  • EAP-TLS
  • EAP-TTLS (MSCHAPv2)
  • EAP-FAST
  • EAP-AKA
  • EAP-SIM (carrier only)
  • PEAPv0 (EAP-MSCHAPv2, the most common form of PEAP)
  • PEAPv1 (EAP-GTC, less common and created by Cisco)
  • LEAP
For more information, see the Wi-Fi section of this reference.
FaceTime and iMessage encryption
iOS and OS X create a unique ID for each FaceTime and iMessage user, ensuring communications are encrypted, routed, and connected properly.