Since FIX Antenna C++/.NET version 2.13.0 and FIXEdge version 5.9.0 SSL built-in support has been introduced. Refer to How to configure built-in SSL support for FIX session in FIXEdge for details. However, you can continue use stunnel with accordance to the current article if you wish.
Simple configuration FIXEdge -> Stunnel -> (VPN) -> SSL acceptor
Install stunnel
Download latest version of installer from https://www.stunnel.org/downloads.html
Run installer and answer questions to generate certificate.
Configure stunnel
Initiator FIX session
- Run stunnel GUI Start from Start menuRun
- Edit stunnel.conf from stunnel system tray icon context menu
- Add option
protocol = proxy - Comment example SSL services
- Add SSL service
[fix_initiator_session1_tunnel]
client = yes
accept = 127.0.0.1:443
connect = x.x.x.x:443
- Add option
- Run Reload stunnel.conf from stunnel system tray icon context menu
Configure fix session
Open FIXEdge.properties to specify Initiator FIX session parameters:
Initiator FIX session
FIXEdge.propertiesFixLayer.FixEngine.Session.SSLInitiator.Role = Initiator FixLayer.FixEngine.Session.SSLInitiator.Host = 127.0.0.1 FixLayer.FixEngine.Session.SSLInitiator.Port = 443
Connect to VPN (if necessary; if not, just skip this step);
Start FIXEdge.
Complex configuration: Broker/Stock -> Broker's/Stock's Stunnel -> FIXEdge's Stunnel -> FIXEdge -> FIXEdge's Stunnel -> Broker's/Stock's Stunnel -> Broker/Stock
Server F (FIXEDGE): y.y.y.y where FIXEdge is installed
Server B (BROKER): x.x.x.x where SimpleClient #1 and SimpleClient #2 are installed. SimpleClient #1 will simulate Broker and SimpleClient #2 will simulate StockExchange.
Server F (FIXEDGE) Configuration
FIXEdge.properties
# -----------------[ SC1 AS ACCEPTOR SEND MESSAGE TO SC2 ] ------------------ FixLayer.FixEngine.Session.FIXEDGE-SC1.Version = FIX44 FixLayer.FixEngine.Session.FIXEDGE-SC1.EncryptMethod = 0 FixLayer.FixEngine.Session.FIXEDGE-SC1.ForceSeqNumReset = 0 FixLayer.FixEngine.Session.FIXEDGE-SC1.IgnoreSeqNumTooLowAtLogon = false FixLayer.FixEngine.Session.FIXEDGE-SC1.IntradayLogoutTolerance = false FixLayer.FixEngine.Session.FIXEDGE-SC1.MaxMessagesAmountInBunch = 0 FixLayer.FixEngine.Session.FIXEDGE-SC1.RecreateOnLogout = false FixLayer.FixEngine.Session.FIXEDGE-SC1.TerminateOnLogout = true FixLayer.FixEngine.Session.FIXEDGE-SC1.RejectMessageWhileNoConnection = false FixLayer.FixEngine.Session.FIXEDGE-SC1.Role = Acceptor FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderCompID = FIXEDGE FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderLocationID = FixLayer.FixEngine.Session.FIXEDGE-SC1.SenderSubID = FixLayer.FixEngine.Session.FIXEDGE-SC1.SocketPriority = EVEN FixLayer.FixEngine.Session.FIXEDGE-SC1.SecurityGroups = FixLayer.FixEngine.Session.FIXEDGE-SC1.StorageType = persistentmm FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetCompID = SC1 FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetLocationID = FixLayer.FixEngine.Session.FIXEDGE-SC1.TargetSubID = FixLayer.FixEngine.Session.FIXEDGE-SC1.TcpBufferDisabled = false # ----------------- [SC2 AS INITIATOR RECEIVED MESSAGES SENT FROM SC1] ---------- FixLayer.FixEngine.Session.FIXEDGE-SC2.Version = FIX44 FixLayer.FixEngine.Session.FIXEDGE-SC2.EncryptMethod = 0 FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceReconnect = false FixLayer.FixEngine.Session.FIXEDGE-SC2.ForceSeqNumReset = 0 FixLayer.FixEngine.Session.FIXEDGE-SC2.HBI = 30 FixLayer.FixEngine.Session.FIXEDGE-SC2.Host = 127.0.0.1 FixLayer.FixEngine.Session.FIXEDGE-SC2.IgnoreSeqNumTooLowAtLogon = false FixLayer.FixEngine.Session.FIXEDGE-SC2.IntradayLogoutTolerance = false FixLayer.FixEngine.Session.FIXEDGE-SC2.MaxMessagesAmountInBunch = 0 FixLayer.FixEngine.Session.FIXEDGE-SC2.Port = 444 FixLayer.FixEngine.Session.FIXEDGE-SC2.RecreateOnLogout = false FixLayer.FixEngine.Session.FIXEDGE-SC2.TerminateOnLogout = true FixLayer.FixEngine.Session.FIXEDGE-SC2.RejectMessageWhileNoConnection = false FixLayer.FixEngine.Session.FIXEDGE-SC2.Role = Initiator FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderCompID = FIXEDGE FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderLocationID = FixLayer.FixEngine.Session.FIXEDGE-SC2.SenderSubID = FixLayer.FixEngine.Session.FIXEDGE-SC2.SocketPriority = EVEN FixLayer.FixEngine.Session.FIXEDGE-SC2.SecurityGroups = FixLayer.FixEngine.Session.FIXEDGE-SC2.StorageType = persistentmm FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetCompID = SC2 FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetLocationID = FixLayer.FixEngine.Session.FIXEDGE-SC2.TargetSubID = FixLayer.FixEngine.Session.FIXEDGE-SC2.TcpBufferDisabled = false
BL_Config.xml
<Rule> <Source Name="FIXEDGE-SC1"/> <Action> <Send Name="FIXEDGE-SC2" /> </Action> </Rule> <Rule> <Source Name="FIXEDGE-SC2"/> <Action> <Send Name="FIXEDGE-SC1" /> </Action> </Rule>
stunnel.conf
[ToStockExchange] protocol = proxy client = yes accept = 127.0.0.1:444 connect = x.x.x.x:443 [FromBroker] protocol = proxy accept = y.y.y.y:443 connect = 127.0.0.1:8901
Server B (BROKER) Configuration
stunnel.conf
[FromBrokerToFIXEdge] protocol = proxy client = yes accept = 127.0.0.1:444 connect = y.y.y.y:443 [FromFIXEdgeToStockExchange] protocol = proxy accept = x.x.x.x:443 connect = 127.0.0.1:9106
SimpleClient #1 conf
SenderCompID = SC1 TargetCompID = FIXEDGE Remote host = 127.0.0.1 Remote port = 444
Set ListenPort in engine.properties to 9107 (ListenPort = 9107)
SimpleClient #2 conf
Set ListenPort in engine.properties to 9106 (ListenPort = 9106)
How to use
- Start SimpleClient #2
- Start FIXEdge - session between FIXEdge and SimpleClient #2 (SC2) should be established
- Start SimpleClient #1 (SC1) and establish session with FIXEdge using parameters from point 3
- Send application level messages from SimpleClient #1 - message will be routed to SimpleClient #2
- Send application level messages from SimpleClient #2 - message will be routed to SimpleClient #1