I can't seem to find any great sources on SSL VPNs. That is, a good book or URL that explains the technical aspects of SSL VPNs? can you help?
SSL, and its IETF standard sibling, TLS, are well-documented in RFCs and books:
Rescorla, Eric, SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2000, ISBN 0201615983
Thomas, Stephen, SSL & TLS Essentials: Securing the Web, Wiley & Sons, 2000, ISBN 0471383546
Dierks and Allen, TLS Protocol v1.0, 1999, RFC 2246
SSL VPNs -- products that use SSL or TLS to enable browser-based remote access through a VPN gateway -- have been around for years, but it's only since 2002 that this market has really taken off. I haven't seen any definitive books published about SSL VPNs yet, but I'm sure that will change soon. Most vendors in this market have published technical white papers that describe the capabilities of SSL VPNs and compare them to other approaches like IPsec. Here are some examples:
Aventail: Comparing secure remote access options: IPSec VPNs vs. SSL VPNs
Checkpoint: IPsec Versus "Clientless" VPNs
Cisco: Top 100 Questions and Answers on SSL VPN
F5: Enterprise Remote Access
Netilla: A Comparison of VPN Solutions: SSL Vs. IPSec
Netscreen: VPN Decision Guide: IPSec or SSL VPN Decision Criteria
Whale: Understanding SSL VPNs
You might also be interested in reading an article I wrote on this topic for Information Security Magazine.
This was first published in April 2004