How to configure secure connection for FIX session

FIX Antenna Java supports configuring secure transport separately for each initiator session. The same configuration options can be defined for an SSLFIXServer instance, in which case they apply to the acceptor sessions initialized by that server instance.

The configuration options are listed below:

| Property | Description | Default value |
|---|---|---|
| enableSSL | Enables or disables secure transport for an initiator session. | false |
| keyStorePath | Path to a Keystore, which contains the private keys for the secure connection. | |
| keyStorePassword | Keystore password. | |
| trustStorePath | Path to a Truststore. Usually contains a chain of trusted certificates. | |
| trustStorePassword | Truststore password. | |
| sslKeystoreType | The type of Keystore. See the KeyStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types. Example values: JKS, JCEKS, PKCS12, PKCS11. | JKS |
| sslTruststoreType | The type of Truststore. See the KeyStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types. Example values: JKS, JCEKS, PKCS12, PKCS11. | JKS |
| sslKeystoreKeyAlias | Alias filter for the entries used from the Keystore. If this property is defined, only keys with the defined alias are used for the secure connection. Note: sslKeystoreKeyAlias is case-sensitive, but keytool saves upper-case letters in the alias only when the parameter -storetype CaseExactJKS is given while creating the KeyStore. | |
| sslTruststoreKeyAlias | Alias filter for the entries used from the Truststore. If this property is defined, only certificates with the defined alias are used for the secure connection. | |
| sslProtocol | SSL protocol. See the SSLContext section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard protocol names. Example values: SSL, SSLv2, SSLv3, TLS, TLSv1, TLSv1.1, TLSv1.2. | TLSv1.2 |
| keyManagerAlgorithm | Key manager factory algorithm name (see Customizing the Default Key Managers and Trust Managers). Possible values are SunX509, PKIX. | SunX509 |
| trustManagerAlgorithm | Trust manager factory algorithm name (see Customizing the Default Key Managers and Trust Managers). Possible values are SunX509, PKIX. | SunX509 |
| sslServerNeedClientAuth | Defines whether client authentication is required for the server-side socket. This option works only for the SSLFIXServer instance. | false |

Sample code creating an initiator FIX session with a secure connection:

```java
// Creating connection parameters for initiator
SessionParameters params = new SessionParameters();
params.setHost("localhost");
params.setPort(3000);
params.setSenderCompId("initiator");
params.setTargetCompId("target");

// Define options for secure connection
params.getConfiguration().setProperty(Configuration.ENABLE_SSL, "true");
params.getConfiguration().setProperty(Configuration.KEY_STORE_PATH, "etc/keystore.jks");
params.getConfiguration().setProperty(Configuration.KEY_STORE_PASSWORD, "keypass");
params.getConfiguration().setProperty(Configuration.TRUST_STORE_PATH, "etc/truststore.jks");
params.getConfiguration().setProperty(Configuration.TRUST_STORE_PASSWORD, "trustpass");

// Create and establish secure connection
FIXSession fixSession = params.createInitiatorSession();
fixSession.connect();
```
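The following preflight check is an added example, not FIX Antenna code: it uses only standard JSSE classes to confirm that the stores, the alias filter and the default values from the table above (JKS, SunX509, TLSv1.2) produce a usable SSLContext before a session is started. The class name, the command-line argument order and the environment variable names KEYSTORE_PASSWORD and TRUSTSTORE_PASSWORD are assumptions, and the exact-string alias comparison models the case-sensitivity note in the table rather than the engine's actual filter code.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: plain JSSE only, no FIX Antenna classes. Names below are assumptions.
public class SslConfigPreflight {
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);   // sslKeystoreType / sslTruststoreType
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);                  // throws on a wrong password or store type
        }
        return store;
    }

    static char[] secret(String envName) {
        return Objects.requireNonNull(System.getenv(envName), envName + " is not set").toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            throw new IllegalArgumentException("usage: <keyStorePath> <trustStorePath> [keyAlias]");
        }
        char[] keyPass = secret("KEYSTORE_PASSWORD");  // hypothetical variable names
        KeyStore keys = load("JKS", args[0], keyPass);
        KeyStore trust = load("JKS", args[1], secret("TRUSTSTORE_PASSWORD"));
        List<String> aliases = Collections.list(keys.aliases());
        System.out.println("key store aliases:   " + aliases);
        System.out.println("trust store aliases: " + Collections.list(trust.aliases()));
        // The page says sslKeystoreKeyAlias is case-sensitive, so compare the exact string
        // against what the store holds (a default JKS store holds lower-cased aliases).
        if (args.length > 2 && !(aliases.contains(args[2]) && keys.isKeyEntry(args[2]))) {
            throw new IllegalStateException("no private key stored under alias " + args[2]);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");     // keyManagerAlgorithm
        kmf.init(keys, keyPass);                       // fails if the key cannot be recovered
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); // trustManagerAlgorithm
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");                   // sslProtocol
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        System.out.println("protocols offered:   "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
    }
}
```

Reading the passwords from the environment keeps them out of source code and shell history, unlike the literal values in the sample above.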