Since FIX Antenna C++/.NET version 2.13.0 and FIXEdge version 5.9.0 SSL built-in support has been introduced. Refer to How to configure built-in SSL support for FIX session in FIXEdge for details. However, you can continue use stunnel with accordance to the current article if you wish.
Stunnel installation
Download latest version of installer from https://www.stunnel.org/downloads.html
Run installer and answer questions to generate certificate.
Configuration example #1. FIXEdge's initiator connects to SSL acceptor over Stunnel
Configure stunnel
Initiator FIX session
- Run stunnel GUI Start from Start menu Run
- Edit stunnel.conf from stunnel system tray icon context menu
- Add option stunnel.conf
protocol = proxy
- Comment example SSL services
Add SSL service
stunnel.conf[fix_initiator_session1_tunnel] client = yes accept = 127.0.0.1:443 connect = <counterparty_ip>:443
<counterparty_ip> - ip address of counterparty
- Add option
- Reload stunnel.conf from stunnel system tray icon context menu
Configure fix session in FIXEdge
Open FIXEdge.properties to specify Initiator FIX session parameters:
Initiator FIX session
FIXEdge.propertiesFixLayer.FixEngine.Session.SSLInitiator.Role = Initiator FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1 FixLayer.FixEngine.Session.SSLInitiator.Port = 443
Connect to VPN (if necessary; if not, just skip this step);
Start FIXEdge.
Configuration example #2. FIXEdge is a proxy between 2 counterparties.
The current configuration describes the following scenario.
FIXEdge establishes SSL connection to Exchange. The client connects to FIXEdge over SSL. All messages from Exchange are routed to the Client and vice versa.
Stunnel is configured for Incoming and outgoing connections on FIXEdge's side and on the Client side.
The next configuration parameters are used in the configuration examples:
<exchange_ip> - Exchange's IP
<FIXEdge_ip> - FIXEdge IP
TCP port for SSL Connections on FIXEdge site: 443
TCP port for SSL Connections on Exchange site: 443
Configuration on FIXEdge side
FIXEdge.properties
Configured 2 sessions EXCHANGE and CLIENT
FixLayer.FixEngine.Sessions = EXCHANGE, CLIENT # -----------------[ FIXEdge connects to EXCHANGE as Initiator ] ------------------ FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator FixLayer.FixEngine.Session.EXCHANGE.HBI = 30 FixLayer.FixEngine.Session.EXCHANGE.Host = 127.0.0.1 FixLayer.FixEngine.Session.EXCHANGE.Port = 444 FixLayer.FixEngine.Session.EXCHANGE.Version = FIX44 FixLayer.FixEngine.Session.EXCHANGE.SenderCompID = FIXEDGE FixLayer.FixEngine.Session.EXCHANGE.TargetCompID = EXCHANGE # ... the rest parameters for EXCHANGE # ----------------- [ FIXEdge awaits connection from the CLIENT] ----------FixLayer.FixEngine.Session.EXCHANGE.Role = Initiator FixLayer.FixEngine.Session.CLIENT.Role = Acceptor FixLayer.FixEngine.Session.CLIENT.Version = FIX44 FixLayer.FixEngine.Session.CLIENT.SenderCompID = FIXEDGE FixLayer.FixEngine.Session.CLIENT.TargetCompID = CLIENT # ... the rest parameters for CLIENT
BL_Config.xml
Simple routing configuration
<Rule> <Source Name="CLIENT"/> <Action> <Send Name="EXCHANGE" /> </Action> </Rule> <Rule> <Source Name="EXCHANGE"/> <Action> <Send Name="CLIENT" /> </Action> </Rule>
stunnel.conf
[Tunnel_for_EXCHANGE] protocol = proxy client = yes accept = 127.0.0.1:444 connect = <exchange_ip>:443 [Tunnel_for_CLIENT] protocol = proxy accept = <FIXEdge_ip>:443 connect = 127.0.0.1:8901
Configuration on the Client side
stunnel.conf
[Tunnel_for_FIXEdge] protocol = proxy client = yes accept = 127.0.0.1:444 connect = <FIXEdge_ip>:443
Client's properties
SenderCompID = Client TargetCompID = FIXEDGE Remote host = 127.0.0.1 Remote port = 444