Research And Implementation Of Ssl Secure Communication Protocol Based On Chinese Cipher

Network communication security has risen to the strategic height of our country and always been the focus of attention in the age of the Internet. Secure Socket Layer(SSL) protocol is currently the most widely used transport layer security protocol which provides protection for the secure transmission of application data, and plays an extremely important role in areas such as e-government and e-commerce. However, SSL protocol using the traditional cryptographic algorithms can not meet the demand of China’s commercial cryptographic applications. Faced with the increasingly grim security situation, the State Encryption Administration issued national commercial cryptographic algorithms-- SM algorithms, and also drafted a guidance called "SSL VPN technical specifications based on Chinese cipher" to direct the development of the SSL VPN using SM algorithms.This article implements national commercial cryptographic algorithms based on Open SSL. And then the SSL VPN protocol using the national cryptographic algorithms is implemented following the "SSL VPN technical specifications based on Chinese cipher". Specifically, including the following four aspects:1. On the basis of the cryptographic engine mechanism of Open SSL, the national cryptographic algorithms-- SM2, SM3, SM4-- are extended into the source code of Open SSL. Thus, Open SSL crypto library can support the national commercial cryptographic algorithms, and we could build a lightweight CA using PKI tools of Open SSL for issuing and managing certificates with SM2.2. By analyzing the traditional SSL protocol, extend SSL protocol to support the national cryptographic algorithms. The negotiation process of cipher suites between communicating parties is analyzed, and the national cipher suites related with cryptographic algorithms are added, which invoked the series of SM algorithms at the low layer.3. Based on the extension of Open SSL to build a typical web application security testing environment. SSL protocol with Chinese cipher is used to protect the communication by configuring the Web server and local-port agents in client. Lastly, we capture the communication traffict to verify the correctness of the newly extended SSL protocol.The results of this paper may provide secure communication support of transport layer for all types of security applications, including HTTPS Web communications, SMTPS, SSL VPN and etc. Only ECC-SM1-SM3 cipher suite is implemented currently. All other cipher suites specified in "SSL VPN technical specifications based on Chinese cipher" "National Cryptographic Algorithms SSL VPN technology standard" will be implemented to provide better support.