Based On The Ssl Vpn Gateway System Design And Realization

With the rapid development of network technology, the increasing demand for network and network security has become increasingly concerned about the issue, especially with the rapid development of modern E-Commerce and E-Government-affairs, and related VPN products and VPN technology rapid development too.VPN technology is a virtual private network technology which use the cryptogram knowledge in the establishment of open public networks. IPSec VPN and SSL VPN is used up two VPN technology and products. IPSec VPN work in the network layer, whereas SSL VPN work in security socket layer, the latter has much merit such as the lower deployment and management costs;a higher security;better to expand;more thinner control capabilities of access;better economic and other advantages. But it has its own shortcomings and the need for further improvement.In SSL VPN, use a series of cryptogram knowledge related, including symmetric encryption, asymmetric encryption, digital signatures, digital certificates and message digest, this paper careful analysis the principles of relevant cryptogram technology, and the application of direction, and combine them ,not only protecte the safety but also enhanced the performance of the system.SSL is based on TCP connections, including two layer sum up to four protocols, namely records protocol, handshake protocol, change cipher spec protocol, alert agreement. After careful analysed the principles and functions of the protocol and security and capability,it put forward the method of improving the performance.Before bring forward the resolvent, this paper analysed the VPN technology, relevant cryptogram technology and SSL protocol . The overall security gateway system will be divided into communications systems handling modules, SSL handshake processing module, records processing modules, authentication management module and data / request transmit modules, illustrate the functions of every module achieved;then focus on the principle and process of SSL handshake processing module, records processing module and authentication management module module ,it expoud the key technology such as multi-thread technology, linking strategy and session resume . After studying the existing SSL VPN products,it improve the authentication arithmetic .It combined the authentication methods which based on the CA and based on user name / password, it achieved access control functions and also through user list table and access control list table ,while ensuring system security,it improved the performance of the system . Finally, bring forward the improve direction of the system.