Design And Implementation Of SSL VPN Based On National Commercial Cryptograph Algorithm

Network communication security has risen to the strategic height of our country and always been the focus of attention in the age of the Internet.With the development of Internet technology,with the multiformities of internet applications, the demand on the security of remote access make obvious day by day,VPN market is growing by leaps and bounds.As the shortcomings coming to appear gradually in the application of IPsec VPN,for example,conflication with NAT equipment,complexity in configuration and use the security risks brought to the operating system kenel,people began to seek more secure and easy-to-use VPN technology.SSL-based VPN is the most spectacular VPN technology,which is a new type of VPN.Due to the lack of unified standards and norms,the current VPN products based on the SSL protocol differs greatly from each other in technology and function,as brings difficulties to the choice of VPN products.In addition,because of the United States' s controls on the export of encryption products,the key in the standard SSL protocol implementation is shorter and thes its strength was greatly weakened.So it can not be used in some fields that require more stringent security.Therefore it is necessary to make an in-depty study on SSL-based VPN and to impore it.In this paper,we have deeply and systematically studied the concept,the primary principle,the working mode and the key technologies,and we have designed the SSL VPN and developed the key module of it.The main work of this paper is as follows:1. Compared SSL VPN and IPsec VPN,which supports to point out the limitations of the traditional SSL VPN in application and to put forward the corresponding solution.And mainly studied the key technologies of SSL VPN.2. By analyzing the traditional SSL protocol, extend SSL protocol to support the national cryptographic algorithms,and to improve the counrty close SSL protocol based on double certificate PKI system,the introduction of property certificates,SSL protocol together form a highly efficient and secure SSL VPN secure tunneling protocol.3. On the basis of the designing of the SSL VPN system,combining the SSL Control protocol,proposed the implementation of the role access control,designed an SSL VPN server.And designed the SSL Control protocol,and studied the key questions considered to implement the SSL VPN server.4.Build a typical web application security testing enviroment.By configuring the certificates of the web server and client,make the both sides can communicate using the SSL protocol and the secret cipher suite,verify the design of SSL VPN.The results of this paper may provide secure communication support of transport layer for all types of security applications, including identity authentication, HTTPS Web communications, and etc. Because of the time, in many places it is still not perfect, only to achieve the support of soft algorithm can achieve subsequent hardware support, to provide better support.