SSL VPN authentication method, client and gateway, and server

Abstract

The embodiments of the invention provide an SSL VPN authentication method, client, and gateway, and a server. The method comprises the following steps that: an SSL VPN client sends a first login request message to an SSL VPN gateway after the SSL VPN client establishes a connection with the SSL VPN gateway; the SSL VPN gateway sends a first authentication request message to an AAA server after receiving the first login request message; the AAA server performs a certificate authentication interaction process with the SSL VPN client when identifying that the first authentication request messagecarries a certificate authentication identifier; and it can be determined that the SSL VPN authentication is successful if the SSL VPN client verifies that the server certificate of the AAA server isvalid and the AAA server verifies that the client certificate of the SSL VPN client is valid. The SSL VPN client and the AAA server are guaranteed to be equipment which can be identified as effectivethrough the bidirectional certificate verification between the SSL VPN client and the AAA server, and the SSL VPN client and the AAA server are prevented from being spoofed, thereby improving the security of SSL VPN authentication.

Description

technical field [0001] The invention relates to the field of network technology, in particular to an SSL VPN authentication method, a client, a server and a gateway. Background technique [0002] SSL VPN is a new VPN (Virtual Private Network, virtual private network) technology based on the SSL (Secure Socket Layer) / TLS (TransportLayer Security, Transport Layer Security) protocol. SSL VPN authentication provides a safe and reliable way for access users to access internal resources. [0003] Currently, during the SSL VPN authentication process, the SSL VPN client sends the user name and password to the SSL VPN gateway, and the SSL VPN gateway forwards the user name and password to the AAA (Authentication Authorization Accounting, authentication, authorization, accounting) server for verification. If the AAA server authentication passes, it is determined that the SSL VPN authentication is successful. [0004] However, when SSL VPN clients and SSL VPN gateways send usernames ...

AI Technical Summary

Problems solved by technology

[0004] However, when SSL VPN clients and SSL VPN gateways send usernames and passwords, they send them to the AAA server based on attribute information such as the address and name of the AAA server, and these attribute information are easily used by counterfeit phishing websites to send illegal usernames and passwords to the AAA server. The password has been verified, and there is a big security risk

Images