FIX Antenna Java support configuring secure transport separately for each initiator session. The same configuration options can be defined for SSLFIXServer instance (will be applied to acceptor sessions, initialized by this server instance).
Please check a list of configuration options below:
Property | Description | Default value |
---|---|---|
enableSSL | Enable secure transport for the initiator session. | false |
keyStorePath | Path to a Keystore, which contains private keys for secure connection | |
keyStorePassword | Keystore password | |
trustStorePath | Path to a Truststore. Usually contains a chain of trusted certificates. | |
trustStorePassword | Truststore password | |
sslKeystoreType | The type of Keystore. See the Keystore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types. Examples of value: JKS, JCEKS, PKCS12, PKCS11 | JKS |
sslTruststoreType | The type of Truststore. See the KeyStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types. Examples of value: JKS, JCEKS, PKCS12, PKCS11 | JKS |
sslKeystoreKeyAlias | Alias filter for used entities in Keystore. The only keys with defined alias will be used for a secure connection if this property is defined. | |
sslTruststoreKeyAlias | Alias filter for used entities in Truststore. The only certificates with defined alias will be used for a secure connection if this property is defined. | |
sslProtocol | SSL protocol. See the SSLContext section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard protocol names. Examples of value: SSL, SSLv2, SSLv3, TLS, TLSv1, TLSv1.1, TLSv1.2 | TLSv1.2 |
keyManagerAlgorithm | Key manager factory algorithm name(see Customizing the Default Key Managers and Trust Managers). Possible values are SunX509, PKIX | SunX509 |
trustManagerAlgorithm | Trust manager factory algorithm name (see Customizing the Default Key Managers and Trust Managers). Possible values are SunX509, PKIX. | SunX509 |
sslServerNeedClientAuth | Define if authentication is required for the server-side socket. This option is working only for the SSLFIXServer instance | false |
The sample of creating initiator FIX session with secure connection:
// Creating connection parameters for initiator SessionParameters params = new SessionParameters(); params.setHost("localhost"); params.setPort(3000); params.setSenderCompId("initiator"); params.setTargetCompId("target"); // Define options for secure connection params.getConfiguration().setProperty(Configuration.ENABLE_SSL, "true"); params.getConfiguration().setProperty(Configuration.KEY_STORE_PATH, "etc/keystore.jks"); params.getConfiguration().setProperty(Configuration.KEY_STORE_PASSWORD, "keypass"); params.getConfiguration().setProperty(Configuration.TRUST_STORE_PATH, "etc/truststore.jks"); params.getConfiguration().setProperty(Configuration.TRUST_STORE_PASSWORD, "trustpass"); // Create and establish secure connection FIXSession fixSession = params.createInitiatorSession(); fixSession.connect();