How to configure built-in SSL support for FIX sessions in FIXEdge

Overview

This article describes how to configure an SSL connection for FIX sessions.

Configuration is available for FIXEdge installations on Windows and Linux starting from FIX Antenna C++/.NET 2.13.0 and FIXEdge C++ 5.9.0 releases.

Prepare a certificate and private key for FIXEdge

The following instructions show how to use a self-signed certificate in FIXEdge. If a certificate is already available, the generation step can be skipped.

  1. Create a self-signed SSL certificate with OpenSSL using the following command (replace XXX with the validity period in days):

    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes -days XXX

  2. Copy the created certificate and key to the FIXEdge/FixEdge1/conf folder (or any other folder).
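
A check worth running before the files are copied into the conf folder, given here as an added example that is not part of the original article: it generates the pair non-interactively, creates the unencrypted key owner-readable only, and confirms that the certificate matches the key and is not about to expire. It assumes a POSIX shell with the openssl CLI; the function names, the CN fixedge.example.test and the validity values are illustrative assumptions.

```shell
#!/bin/sh
# Added example (POSIX sh + openssl CLI). CN, validity and paths are assumptions.

# make_pair DIR DAYS CN: same command as step 1, made non-interactive with -subj.
make_pair() {
    (
        umask 077   # -nodes leaves key.pem unencrypted, so create it owner-only
        openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=$3" \
            -keyout "$1/key.pem" -out "$1/cert.pem"
    )
}

# pair_matches CERT KEY: true when the certificate carries the key's public half.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# valid_for_days CERT DAYS: true when CERT will still be valid DAYS from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a throwaway directory
work=$(mktemp -d)
if make_pair "$work" 365 fixedge.example.test 2>/dev/null; then
    pair_matches "$work/cert.pem" "$work/key.pem" && echo "certificate and key match"
    valid_for_days "$work/cert.pem" 30 || echo "certificate expires within 30 days"
fi
rm -rf "$work"
```

A mismatch reported by pair_matches usually means SSLCertificate and SSLPrivateKey point at files from different generation runs.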

Configure SSL Initiator in FIXEdge

FIXEdge supports pem, pfx (since version 6.8), and der (since version 6.8) certificates for Initiator sessions.

Add the following properties to your FIX session in the FIXEdge.properties file, pointing to the certificate and key location chosen in the previous step:

Minimal configuration

FIXEdge.properties
FixLayer.FixEngine.Sessions = FIXInitiator

FixLayer.FixEngine.Session.FIXInitiator.Version = FIX44
FixLayer.FixEngine.Session.FIXInitiator.Role = Initiator
FixLayer.FixEngine.Session.FIXInitiator.SenderCompID = FIXEdge
FixLayer.FixEngine.Session.FIXInitiator.TargetCompID = Target
FixLayer.FixEngine.Session.FIXInitiator.Host = *** remote host requiring SSL ****
FixLayer.FixEngine.Session.FIXInitiator.Port = *** remote port ****
FixLayer.FixEngine.Session.FIXInitiator.HBI = 10

# **** SSL specific configuration *****

FixLayer.FixEngine.Session.FIXInitiator.SSL = true 
# SSL protocol(s) to be used (comma separated list). Supported valid values: SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3.
FixLayer.FixEngine.Session.FIXInitiator.SSLProtocols = TLSv1_1, TLSv1_2

Full configuration with a certificate and private key

FIXEdge.properties
FixLayer.FixEngine.Sessions = FIXSession

FixLayer.FixEngine.Session.FIXSession.Version = FIX44
FixLayer.FixEngine.Session.FIXSession.Role = Initiator
FixLayer.FixEngine.Session.FIXSession.SenderCompID = SID
FixLayer.FixEngine.Session.FIXSession.TargetCompID = TID
FixLayer.FixEngine.Session.FIXSession.SenderSubID = SSUB
FixLayer.FixEngine.Session.FIXSession.TargetSubID = TSUB
FixLayer.FixEngine.Session.FIXSession.Host = *** remote host requiring SSL ****
FixLayer.FixEngine.Session.FIXSession.Port = *** remote port ****
FixLayer.FixEngine.Session.FIXSession.HBI = 10
# Other session parameters are intentionally omitted

# **** SSL specific configuration *****

FixLayer.FixEngine.Session.FIXSession.SSL = true 
# Path to SSL certificate 
FixLayer.FixEngine.Session.FIXSession.SSLCertificate = C:/B2BITS/FIXEdge/FixEdge2/conf/cert.pem
# Path to SSL private key. This parameter is optional.
# If it is omitted, the engine tries to load the private key from the file given by the SSLCertificate parameter.
FixLayer.FixEngine.Session.FIXSession.SSLPrivateKey = C:/B2BITS/FIXEdge/FixEdge2/conf/key.pem
# SSL protocol(s) to be used (comma separated list). Supported valid values: SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3.
FixLayer.FixEngine.Session.FIXSession.SSLProtocols = SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2
FixLayer.FixEngine.Session.FIXSession.SSLCiphersList = AES+aRSA:AES+aECDH:AES+aECDSA:@STRENGTH 

Please refer to the Additional properties for SSL configuration page for more information.

Configure SSL Acceptors in FIXEdge

Since the FIXEdge 6.11.0 release, SSL connections for acceptor sessions can be configured the same way as SSL connections for initiator sessions.

Minimal configuration

FIXEdge.properties
FixLayer.FixEngine.Sessions = SSLAcceptor

FixLayer.FixEngine.Session.SSLAcceptor.Version = FIX44
FixLayer.FixEngine.Session.SSLAcceptor.Role = Acceptor
FixLayer.FixEngine.Session.SSLAcceptor.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.SSLAcceptor.TargetCompID = CLIENT
FixLayer.FixEngine.Session.SSLAcceptor.ListenPort = 9001
FixLayer.FixEngine.Session.SSLAcceptor.ListenAddress = 127.0.0.1

# **** SSL specific configuration *****
FixLayer.FixEngine.Session.SSLAcceptor.SSL = true
# SSL protocol(s) to be used (comma separated list). Supported valid values: SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3.
FixLayer.FixEngine.Session.SSLAcceptor.SSLProtocols = TLSv1_1, TLSv1_2

Full configuration with a certificate and private key

FIXEdge.properties
FixLayer.FixEngine.Sessions = SSLAcceptor

FixLayer.FixEngine.Session.SSLAcceptor.Version = FIX44
FixLayer.FixEngine.Session.SSLAcceptor.Role = Acceptor
FixLayer.FixEngine.Session.SSLAcceptor.SenderCompID = FIXEDGE
FixLayer.FixEngine.Session.SSLAcceptor.TargetCompID = CLIENT
FixLayer.FixEngine.Session.SSLAcceptor.ListenPort = 9001
FixLayer.FixEngine.Session.SSLAcceptor.ListenAddress = 127.0.0.1
# Other session parameters are intentionally omitted

# **** SSL specific configuration ***** 

FixLayer.FixEngine.Session.SSLAcceptor.SSL = true
# Path to SSL certificate 
FixLayer.FixEngine.Session.SSLAcceptor.SSLCertificate = C:/B2BITS/FIXEdge/FixEdge2/conf/cert.pem
# Path to SSL private key. This parameter is optional.
# If it is omitted, the engine tries to load the private key from the file given by the SSLCertificate parameter.
FixLayer.FixEngine.Session.SSLAcceptor.SSLPrivateKey = C:/B2BITS/FIXEdge/FixEdge2/conf/key.pem
# SSL protocol(s) to be used (comma separated list). Supported valid values: SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2, TLSv1_3.
FixLayer.FixEngine.Session.SSLAcceptor.SSLProtocols = SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2
FixLayer.FixEngine.Session.SSLAcceptor.SSLCiphersList = AES+aRSA:AES+aECDH:AES+aECDSA:@STRENGTH  

Please refer to the Additional properties for SSL configuration page for more information.
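
The SSLProtocols values in the initiator and acceptor configurations above can be audited with a check like the following, an added example that is not FIXEdge tooling or part of the original article. It reports every session whose SSLProtocols list enables a version the IETF has retired (SSLv2 in RFC 6176, SSLv3 in RFC 7568, TLS 1.0 and 1.1 in RFC 8996); the function names and the session name Hardened are assumptions, and the sample file is constructed from values shown on this page.

```shell
#!/bin/sh
# Added example, not FIXEdge tooling. Flags protocol versions the IETF has
# deprecated (SSLv2, SSLv3, TLSv1, TLSv1_1) in SSLProtocols lines.

# audit_ssl_protocols FILE
# Prints "<session> <protocol>" per finding; returns 1 if anything was found.
audit_ssl_protocols() {
    awk -F'=' '
        /^[ \t]*#/ { next }          # commented-out properties are inactive
        $1 ~ /^[ \t]*FixLayer\.FixEngine\.Session\.[^.]+\.SSLProtocols[ \t]*$/ {
            split($1, key, ".")      # key[4] is the session name
            n = split($2, protos, ",")
            for (i = 1; i <= n; i++) {
                p = protos[i]
                gsub(/[ \t\r]/, "", p)   # tolerate padding and CRLF files
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1_1)$/) {
                    print key[4], p
                    found = 1
                }
            }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample: two SSLProtocols values from this page, one commented-out
# line, and a TLS 1.2/1.3-only session (the name "Hardened" is hypothetical).
write_sample() {
    cat > "$1" <<'EOF'
FixLayer.FixEngine.Session.FIXSession.SSL = true
FixLayer.FixEngine.Session.FIXSession.SSLProtocols = SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2
FixLayer.FixEngine.Session.SSLAcceptor.SSLProtocols = TLSv1_1, TLSv1_2
# FixLayer.FixEngine.Session.Old.SSLProtocols = SSLv3
FixLayer.FixEngine.Session.Hardened.SSLProtocols = TLSv1_2, TLSv1_3
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_ssl_protocols "$sample" || echo "deprecated protocols enabled"
rm -f "$sample"
```

The non-zero exit status on findings lets the check gate a deployment step that ships FIXEdge.properties.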