Simple configuration FIXEdge -> Stunnel -> SSL acceptor

Install stunnel

Download latest version installer from https://www.stunnel.org/downloads.html

Run installer and answer questions to generate certificate.

Configure stunnel

Initiator FIX session

Run stunnel GUI Start from Start menuRun
Edit stunnel.conf from stunnel system tray icon context menu
- Add option
  protocol = proxy
- Comment example SSL services
- Add SSL service
  [fix_initiator_session1_tunnel]
  client = yes
  accept = 127.0.0.1:443
  connect = 63.247.113.201:443
Run Reload stunnel.conf from stunnel system tray icon context menu

Configure fix session

Initiator FIX session

FIXEdge.properties

FixLayer.FixEngine.Session.SSLInitiator.Role = Initiator
FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1
FixLayer.FixEngine.Session.SSLInitiator.Port = 443

Complex configuration: Broker/Stock -> Broker's/Stock's Stunnel -> FIXEdge's Stunnel -> FIXEdge -> FIXEdge's Stunnel -> Broker's/Stock's Stunnel -> Broker/Stock

Server F (FIXEDGE): y.y.y.y where FIXEdge is installed

Server B (BROKER): x.x.x.x where SimpleClient #1 and SimpleClient #2 are installed. SimpleClient #1 will simulate Broker and SimpleClient #2 will simulate StockExchange.

Server F (FIXEDGE) Configuration

FIXEdge.properties

# -----------------[ SC1 AS ACCEPTOR SEND MESSAGE TO SC2 ] ------------------
FixLayer.FixEngine.Session.FIXEDGE-SC1.Version = FIX44
FixLayer.FixEngine.Session.FIXEDGE-SC1.EncryptMethod = 0
FixLayer.FixEngine.Session.FIXEDGE-SC1.ForceSeqNumReset = 0
FixLayer.FixEngine.Session.FIXEDGE-SC1.IgnoreSeqNumTooLowAtLogon = false
FixLayer.FixEngine.Session.FIXEDGE-SC1.IntradayLogoutTolerance = false
FixLayer.FixEngine.Session.FIXEDGE-SC1.MaxMessagesAmountInBunch = 0
FixLayer.FixEngine.Session.FIXEDGE-SC1.RecreateOnLogout = false
FixLayer.FixEngine.Session.FIXEDGE-SC1.TerminateOnLogout = true
FixLayer.FixEngine.Session.FIXEDGE-SC1.RejectMessageWhileNoConnection = false
FixLayer.FixEngine.Session.FIXEDGE-SC1.Role = Acceptor
FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderLocationID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.SocketPriority = EVEN
FixLayer.FixEngine.Session.FIXEDGE-SC1.SecurityGroups =
FixLayer.FixEngine.Session.FIXEDGE-SC1.StorageType = persistentmm
FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetCompID = SC1
FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetLocationID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC1.TcpBufferDisabled = false

# ----------------- [SC2 AS  INITIATOR RECEIVED MESSAGES SENT FROM  SC1] ----------
FixLayer.FixEngine.Session.FIXEDGE-SC2.Version = FIX44
FixLayer.FixEngine.Session.FIXEDGE-SC2.EncryptMethod = 0
FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceReconnect = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceSeqNumReset = 0
FixLayer.FixEngine.Session.FIXEDGE-SC2.HBI = 30
FixLayer.FixEngine.Session.FIXEDGE-SC2.Host = 127.0.0.1
FixLayer.FixEngine.Session.FIXEDGE-SC2.IgnoreSeqNumTooLowAtLogon = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.IntradayLogoutTolerance = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.MaxMessagesAmountInBunch = 0
FixLayer.FixEngine.Session.FIXEDGE-SC2.Port = 444
FixLayer.FixEngine.Session.FIXEDGE-SC2.RecreateOnLogout = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.TerminateOnLogout = true
FixLayer.FixEngine.Session.FIXEDGE-SC2.RejectMessageWhileNoConnection = false
FixLayer.FixEngine.Session.FIXEDGE-SC2.Role = Initiator
FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderLocationID =
FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC2.SocketPriority = EVEN
FixLayer.FixEngine.Session.FIXEDGE-SC2.SecurityGroups =
FixLayer.FixEngine.Session.FIXEDGE-SC2.StorageType = persistentmm
FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetCompID = SC2
FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetLocationID =
FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetSubID =
FixLayer.FixEngine.Session.FIXEDGE-SC2.TcpBufferDisabled = false

2. BL_Config.xml:

<Rule>

</Action>

</Rule>

<Rule>

</Action>

</Rule>

3. stunnel config:

[ToStockExchange]

protocol = proxy

client = yes

accept = 127.0.0.1:444

connect = x.x.x.x:443

[FromBroker]

protocol = proxy

accept = y.y.y.y:443

connect = 127.0.0.1:8901

B (BROKER) CONFIGURATION:

1. stunnel.conf:

[FromBrokerToFIXEdge]

protocol = proxy

client = yes

accept = 127.0.0.1:444

connect = y.y.y.y:443

[FromFIXEdgeToStockExchange]

protocol = proxy

accept = x.x.x.x:443

connect = 127.0.0.1:9106

2. SimpleClient #1 conf:

SenderCompID = SC1

TargetCompID = FIXEDGE

Remote host = 127.0.0.1

Remote port = 444

Set ListenPort in engine.properties to 9107 (ListenPort = 9107)

3. SimpleClient #2 conf:

Set ListenPort in engine.properties to 9106 (ListenPort = 9106)

Start SimpleClient #2

Start FIXEdge - session between FIXEdge and SimpleClient #2 (SC2) should be established

Start SimpleClient #1 (SC1) and establish session with FIXEdge using parameters from point 3

Send application level messages from SimpleClient #1 - message will be routed to SimpleClient #2

Send application level messages from SimpleClient #2 - message will be routed to SimpleClient #1

SSL for FIX session

Simple configuration FIXEdge -> Stunnel -> SSL acceptor

Install stunnel

Configure stunnel

Initiator FIX session

Configure fix session

Initiator FIX session

Complex configuration: Broker/Stock -> Broker's/Stock's Stunnel -> FIXEdge's Stunnel -> FIXEdge -> FIXEdge's Stunnel -> Broker's/Stock's Stunnel -> Broker/Stock

Server F (FIXEDGE) Configuration

FIXEdge.properties