Simple configuration FIXEdge -> Stunnel -> SSL acceptor

Install stunnel

...

Warning

Built-in SSL support was introduced in FIX Antenna C++/.NET version 2.13.0 and FIXEdge version 5.9.0. Refer to How to configure built-in SSL support for FIX sessions in FIXEdge for details. However, you can continue to use stunnel in accordance with this article if you wish.

...

Stunnel installation

Download the latest version of the installer from https://www.stunnel.org/downloads.html

Run the installer and answer questions to generate a certificate.

Configuration example #1. FIXEdge's initiator connects to SSL acceptor over Stunnel

Configure stunnel

Initiator FIX session

  1. Run stunnel GUI Start from Start menu
  2. Run Edit stunnel.conf from stunnel system tray icon context menu. Add a new SSL service

    Code Block
    title stunnel.conf
    [fix_initiator_session1_tunnel]
    client = yes
    accept  = 127.0.0.1:443
    connect = <counterparty_ip>:443

    <counterparty_ip> - IP address of counterparty

  3. Reload stunnel.conf from stunnel system tray icon context menu

Configure FIX session in FIXEdge

  1. Open FIXEdge.properties to specify Initiator FIX session parameters:

    Initiator FIX session

    Code Block
    title FIXEdge.properties
    FixLayer.FixEngine.Session.SSLInitiator.Role = Initiator
    FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1
    FixLayer.FixEngine.Session.SSLInitiator.Port = 443

 

Complex configuration: Broker/Stock -> Broker's/Stock's Stunnel -> FIXEdge's Stunnel -> FIXEdge -> FIXEdge's Stunnel -> Broker's/Stock's Stunnel -> Broker/Stock

Server F (FIXEDGE):  y.y.y.y where FIXEdge is installed

Server B (BROKER):  x.x.x.x where SimpleClient #1 and SimpleClient #2 are installed. SimpleClient #1 will simulate Broker and SimpleClient #2 will simulate StockExchange.

 

F (FIXEDGE) CONFIGURATION:

 

1. FIXEdge.properties:

 

...

  1. Info

    See also Additional properties for SSL configuration

  2. Connect to VPN (if necessary; if not, just skip this step);
  3. Start FIXEdge.

Configuration example #2. FIXEdge is a proxy between 2 counterparties.

The current configuration describes the following scenario.

FIXEdge establishes an SSL connection to the Exchange. The client connects to FIXEdge over SSL. All messages from the Exchange are routed to the Client and vice versa.

Stunnel is configured for incoming and outgoing connections on FIXEdge's side and on the Client side.


Info

The following configuration parameters are used in the configuration examples:

<exchange_ip> - Exchange's IP

<FIXEdge_ip> - FIXEdge IP

TCP port for SSL Connections on FIXEdge site: 443

TCP port for SSL Connections on Exchange site: 443

FIXEdge ListenPort from engine.properties: 8901

Configuration on FIXEdge side

FIXEdge.properties

FIXEdge has two configured sessions: EXCHANGE and CLIENT

Code Block
language perl
title FIXEdge.properties
FixLayer.FixEngine.Sessions = EXCHANGE, CLIENT
# -----------------[

...

 FIXEdge connects to EXCHANGE as Initiator ] ------------------

...


FixLayer.FixEngine.Session.

...

EXCHANGE.Role = Initiator
FixLayer.FixEngine.Session.

...

EXCHANGE.HBI = 30
FixLayer.FixEngine.Session.

...

FixLayer.FixEngine.Session.FIXEDGE-SC1.IgnoreSeqNumTooLowAtLogon = false

FixLayer.FixEngine.Session.FIXEDGE-SC1.IntradayLogoutTolerance = false

FixLayer.FixEngine.Session.FIXEDGE-SC1.MaxMessagesAmountInBunch = 0

FixLayer.FixEngine.Session.FIXEDGE-SC1.RecreateOnLogout = false

EXCHANGE.Host = 127.0.0.1
FixLayer.FixEngine.Session.

...

EXCHANGE.Port = 444
FixLayer.FixEngine.Session.

...

EXCHANGE.Version = FIX44
FixLayer.FixEngine.Session.

...

FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderCompID = FIXEDGE

EXCHANGE.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.

...

FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderSubID =

FixLayer.FixEngine.Session.FIXEDGE-SC1.SocketPriority = EVEN

FixLayer.FixEngine.Session.FIXEDGE-SC1.SecurityGroups =

FixLayer.FixEngine.Session.FIXEDGE-SC1.StorageType = persistentmm

FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetCompID = SC1

FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetLocationID =

FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetSubID =

FixLayer.FixEngine.Session.FIXEDGE-SC1.TcpBufferDisabled = false

 

...

EXCHANGE.TargetCompID = EXCHANGE
# ... the rest parameters for EXCHANGE

# -----------------

...

 [ FIXEdge accepts connection from the CLIENT] ----------

...


FixLayer.FixEngine.Session.

...

CLIENT.Role = Acceptor
FixLayer.FixEngine.Session.

...

CLIENT.Version = FIX44
FixLayer.FixEngine.Session.

...

FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceSeqNumReset = 0

FixLayer.FixEngine.Session.FIXEDGE-SC2.HBI = 30

FixLayer.FixEngine.Session.FIXEDGE-SC2.Host = 127.0.0.1

FixLayer.FixEngine.Session.FIXEDGE-SC2.IgnoreSeqNumTooLowAtLogon = false

FixLayer.FixEngine.Session.FIXEDGE-SC2.IntradayLogoutTolerance = false

FixLayer.FixEngine.Session.FIXEDGE-SC2.MaxMessagesAmountInBunch = 0

FixLayer.FixEngine.Session.FIXEDGE-SC2.Port = 444

FixLayer.FixEngine.Session.FIXEDGE-SC2.RecreateOnLogout = false

FixLayer.FixEngine.Session.FIXEDGE-SC2.TerminateOnLogout = true

FixLayer.FixEngine.Session.FIXEDGE-SC2.RejectMessageWhileNoConnection = false

FixLayer.FixEngine.Session.FIXEDGE-SC2.Role = Initiator

FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderCompID = FIXEDGE

CLIENT.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.

...

FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderSubID =

FixLayer.FixEngine.Session.FIXEDGE-SC2.SocketPriority = EVEN

FixLayer.FixEngine.Session.FIXEDGE-SC2.SecurityGroups =

FixLayer.FixEngine.Session.FIXEDGE-SC2.StorageType = persistentmm

FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetCompID = SC2

FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetLocationID =

FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetSubID =

FixLayer.FixEngine.Session.FIXEDGE-SC2.TcpBufferDisabled = false

 

2. BL_Config.xml:

 

 

                                <Rule>

                                                <Source Name="FIXEDGE-SC1"/>

                                                <Action>

                                                                <Send Name="FIXEDGE-SC2" />

                                                </Action>

                                </Rule>

 

                                <Rule>

                                                <Source Name="FIXEDGE-SC2"/>

                                                <Action>

                                                                <Send Name="FIXEDGE-SC1" />

                                                </Action>

                                </Rule>

 

3. stunnel config:

[ToStockExchange]

protocol = proxy

client = yes

...

CLIENT.TargetCompID = CLIENT
# ... the rest parameters for CLIENT


Info

See also Additional properties for SSL configuration

BL_Config.xml

Simple routing configuration

Code Block
language xml
<Rule>
	<Source Name="CLIENT"/>
    <Action>
    	<Send Name="EXCHANGE" />
	</Action>
</Rule>

<Rule>
	<Source Name="EXCHANGE"/>
    <Action>
    	<Send Name="CLIENT" />
    </Action>
</Rule>

stunnel.conf

Code Block
[Tunnel_for_EXCHANGE]
protocol = proxy
client = yes
accept  = 127.0.0.1:444

...


connect

...

 = <exchange_ip>:443

...


 

...

[FromBroker]

protocol = proxy

accept  = y.y.y.y:443

...


[Tunnel_for_CLIENT]
protocol = proxy
accept  = <FIXEdge_ip>:443
connect = 127.0.0.1:8901

 

 

B (BROKER) CONFIGURATION:

 

...

Configuration on the Client side

stunnel.conf

...

Code Block
[

...

protocol = proxy

client = yes

...

Tunnel_for_FIXEdge]
protocol = proxy
client = yes
accept  = 127.0.0.1:444

...


connect

...

 = <FIXEdge_ip>:443

 

[FromFIXEdgeToStockExchange]

protocol = proxy

accept  = x.x.x.x:443

connect = 127.0.0.1:9106

 

2. SimpleClient #1 conf:

SenderCompID = SC1

TargetCompID = FIXEDGE

...

Client's properties

Code Block
SenderCompID = Client
TargetCompID = FIXEDGE
Remote host = 127.0.0.1

...


Remote port = 444

Set ListenPort in engine.properties to 9107 (ListenPort = 9107)

 

3. SimpleClient #2 conf:

Set ListenPort in engine.properties to 9106 (ListenPort = 9106)

 

 

Start SimpleClient #2

Start FIXEdge - session between FIXEdge and SimpleClient #2 (SC2) should be established

Start SimpleClient #1 (SC1) and establish session with FIXEdge using parameters from point 3

Send application level messages from SimpleClient #1 - message will be routed to SimpleClient #2

Send application level messages from SimpleClient #2 - message will be routed to SimpleClient #1

...

FIXEdge uses the Windows certificate store for the connection to an Exchange.

  1. Import the certificate into the Windows certificate store with the certutil tool

    Code Block
    certutil -addstore -user -f "My" <filename>.crt
  2. Configure Windows Certificate store in Stunnel

    Code Block
    title stunnel.conf
    engine = capi

    and configure tunnel for the session requiring SSL Connection

    Code Block
    title stunnel.conf
    [Exchange SSL connection]
    client = yes
    engineId = capi
    accept = 127.0.0.1:8443
    connect = <exchange ip>:<exchange port>

    <exchange ip> - Exchange connection IP
    <exchange port> - Exchange connection port

  3. Configure Initiator session in FIXEdge.properties

    Code Block
    title FIXEdge.properties
    FixLayer.FixEngine.Session.EXCHANGE.Version = FIX44
    FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator
    FixLayer.FixEngine.Session.EXCHANGE.SenderCompID = FIXEDGE
    FixLayer.FixEngine.Session.EXCHANGE.TargetCompID = EXCHANGE
    FixLayer.FixEngine.Session.EXCHANGE.Host = 127.0.0.1
    FixLayer.FixEngine.Session.EXCHANGE.Port = 8443
    FixLayer.FixEngine.Session.EXCHANGE.HBI = 30
    FixLayer.FixEngine.Session.EXCHANGE.RecreateOnLogout = true
    Info

    See also Additional properties for SSL configuration
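
A static check for stunnel.conf layouts like the ones on this page, as an added example that is not part of the original article or of the FIXEdge or stunnel projects. It flags client-mode services that set neither verifyChain nor verifyPeer (the legacy verify option is not considered) and services whose cleartext FIX leg is not bound to loopback. The function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
# Constructed sample; 203.0.113.10 and 198.51.100.7 are placeholder addresses.
SAMPLE_CONF = """\
[Exchange SSL connection]
client = yes
engineId = capi
accept = 127.0.0.1:8443
connect = 203.0.113.10:443

[Tunnel_for_CLIENT]
accept = 198.51.100.7:443
connect = 127.0.0.1:8901
"""

def parse_stunnel_conf(text):
    """Return {section: {option: value}}; global options live under ''."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def is_loopback(endpoint, default_host):
    host = endpoint.rsplit(":", 1)[0] if ":" in endpoint else default_host
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False    # hostname or placeholder: cannot prove it is local

def audit(text):
    sections, findings = parse_stunnel_conf(text), []
    for name in filter(None, sections):      # skip the global '' section
        opts = {**sections[""], **sections[name]}   # service overrides globals
        client = opts.get("client", "no").lower() == "yes"
        if client and not any(opts.get(k, "no").lower() == "yes"
                              for k in ("verifychain", "verifypeer")):
            findings.append((name, "peer certificate is not verified"))
        # Cleartext FIX leg: 'accept' in client mode, 'connect' in server mode.
        key, default = ("accept", "0.0.0.0") if client else ("connect", "127.0.0.1")
        if not is_loopback(opts.get(key, ""), default):
            findings.append((name, f"cleartext '{key}' is not on loopback"))
    return findings
```

Calling `audit(SAMPLE_CONF)` reports only the missing certificate verification on the Exchange tunnel, because both cleartext legs in the sample already sit on 127.0.0.1.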