ICS35.030

CCSL80

中華人民共和國密碼行業(yè)標準

GM/T0025—2023

代替GM/T0025—2014

SSLVPN網關產品規(guī)范

SSLVPNgatewayproductspecification

2023?12?04發(fā)布2024?06?01實施

國家密碼管理局發(fā)布

GM/T0025—2023

目次

前言··························································································································Ⅲ

1范圍·······················································································································1

2規(guī)范性引用文件········································································································1

3術語和定義··············································································································1

4縮略語····················································································································1

5密碼算法和密鑰種類··································································································2

5.1算法要求···········································································································2

5.2密鑰種類···········································································································2

6SSLVPN網關產品要求·····························································································2

6.1產品功能要求·····································································································2

6.2產品性能參數·····································································································4

6.3產品安全性要求··································································································4

6.4產品管理要求·····································································································5

6.5產品硬件要求·····································································································7

6.6過程保護········································································································7

6.7參數可配置能力要求····························································································7

7SSLVPN網關產品檢測要求·······················································································7

7.1檢測說明···········································································································7

7.2外觀和結構的檢查·······························································································8

7.3提交文檔的檢查··································································································8

7.4產品功能檢測·····································································································8

7.5產品性能檢測·····································································································9

7.6安全管理檢測·····································································································9

7.7硬件檢測··········································································································11

8判定規(guī)則···············································································································11

Ⅰ

GM/T0025—2023

前言

本文件按照GB/T1.1—2020《標準化工作導則第1部分：標準化文件的結構和起草規(guī)則》的規(guī)

定起草。

本文件代替GM/T0025—2014《SSLVPN網關產品規(guī)范》，與GM/T0025—2014相比，除結構調

整和編輯性改動外，主要技術變化如下：

a）增加了GB/T25069（見第2章）、GM/T0016（見6.3.1）、GM/T0028（見6.3.2.2，6.3.2.3和

6.3.2.4）、GM/T0050（見6.4.1）、GM/T0062（見6.4.2.3.3）和GM/Z4001（見第2章），刪除

了GB/T17964和GM/T0014（見2014年版的第2章）；

b）刪除了術語“密碼算法”（見2014年版的3.1.1）、“密碼雜湊算法”（見2014年版的3.1.2）、“非

對稱密碼算法/公鑰密碼算法”（見2014年版的3.1.3）、“對稱密碼算法”（見2014年版的

3.1.4）、“分組密碼算法”（見2014年版的3.1.5）、“密文分組鏈接工作模式”（見2014年版的

3.1.6）、“初始化向量/值”（見2014年版的3.1.7）、“數字證書”（見2014年版的3.1.8）、“SSL

協(xié)議”（見2014年版的3.1.9）、“虛擬專用網絡”（見2014年版的3.1.10）和“SM2算法”（見

2014年版的3.1.11）；

c）增加了縮略語“GCM”和“TLCP”（見第4章）；

d）增加了GCM模式（見5.1）；

e）增加了對隨機數生成的描述（見6.1.1）；

f）更改了產品性能參數要求的描述（見6.2，2014年版的5.2）；

g）更改了密鑰安全的描述（見6.3.1，2014年版的5.3.1）；

h）增加了敏感參數配置安全（見6.3.2.2）；

i）增加了應符合GM/T0028對硬件模塊物理安全規(guī)定的描述（見6.3.2.3）；

j）增加了應符合GM/T0028對軟件/固件安全的規(guī)定和軟件升級相關要求的描述（見

6.3.2.4）；

k）增加了遠程管理（見6.4.1）；

l）增加了一些管理員口令量化的指標（見6.4.2.2）；

m）增加了設備管理中注冊和監(jiān)控（6.4.2.3.2）；

n）更改了“隨機數發(fā)生器”的要求（見6.5.3，2014年版的5.4.4.3）；

o）更改了“加密部件”的描述（6.5.2，2014年版的5.4.4.2）；

p）增加了“檢測說明”“外觀和結構檢查”和“提交文檔的檢查”（見7.1，7.2和7.3）；

q）增加了安全管理檢測的檢測方法的描述（見7.6）；

r）增加了敏感參數配置安全檢測的描述（見7.6.1.3）；

s）增加了遠程管理檢測的描述（見7.6.2.4）；

t）增加了硬件要求的檢測方法的描述（見7.7）；

u)更改了判定規(guī)則（見第8章，2014年版的第7章）。

請注意本文件的某些內容可能涉及專利。本文件的發(fā)布機構不承擔識別專利的責任。

本文件由密碼行業(yè)標準化技術委員會提出并歸口。

本文件起草單位：格爾軟件股份有限公司、無錫江南信息安全工程技術中心、山東得安信息技術有

限公司、北京信安世紀科技股份有限公司、飛天誠信股份有限公司、廣東省電子商務認證有限公司、北

京國脈信安科技有限公司、中電信量子信息科技集團有限公司、山東漁翁信息技術股份有限公司、天融

Ⅲ

GM/T0025—2023

信科技集團股份有限公司、上海數字證書認證中心有限公司、智巡密碼（上海）檢測技術有限公司、山東

大學、興唐通信科技有限公司、中電科網絡安全科技股份有限公司、北京數字認證股份有限公司。

本文件主要起草人：鄭強、譚武征、孔凡玉、胡金山、李元正、汪宗斌、朱鵬飛、梁寧寧、藥樂、王鵬、

羅俊、安高峰、劉承、韓瑋、李述勝、王麗娜、邱媛、韓琳、董明富。

本文件所代替文件的歷次版本發(fā)布情況為：

——2014年首次發(fā)布為GM/T0025—2014；

——本次為第一次修訂。

Ⅳ

GM/T0025—2023

SSLVPN網關產品規(guī)范

1范圍

本文件規(guī)定了SSLVPN網關產品的功能要求、硬件要求、軟件要求、安全性要求和檢測要求。

本文件適用于SSLVPN網關產品的研發(fā)、檢測和管理。

2規(guī)范性引用文件

下列文件中的內容通過文中的規(guī)范性引用而構成本文件必不可少的條款。其中，注日期的引用文

件，僅該日期對應的版本適用于本文件；不注日期的引用文件，其最新版本（包括所有的修改單）適用于

本文件。

GB/T9813.3計算機通用規(guī)范第3部分：服務器