How to configure secure connection for FIX session
FIX Antenna Java supports configuring secure transport separately for each initiator session. The same configuration options can be defined for the SSLFIXServer instance (will be applied to acceptor sessions, initialized by this server instance).
Please check a list of configuration options below:
| Property | Description | Default value |
|---|---|---|
| enableSSL | Enables or disables secure transport for an initiator session. | false |
| keyStorePath | Path to a Keystore, which contains private keys for secure connection | |
| keyStorePassword | Keystore password | |
| trustStorePath | Path to a Truststore. Usually contains a chain of trusted certificates. | |
| trustStorePassword | Truststore password | |
| sslKeystoreType | The type of Keystore. See the Keystore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types. Examples of value: JKS, JCEKS, PKCS12, PKCS11 | JKS |
| sslTruststoreType | The type of Truststore. See the KeyStore section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard types. Examples of value: JKS, JCEKS, PKCS12, PKCS11 | JKS |
| sslKeystoreKeyAlias | Alias filter for used entities in Keystore. The only keys with defined alias will be used for a secure connection if this property is defined. Note: sslKeystoreKeyAlias is case-sensitive, but the Keytool saves upper case letters to the alias only when parameter -storetype CaseExactJKS is given while creating the KeyStore. | |
| sslTruststoreKeyAlias | Alias filter for used entities in Truststore. The only certificates with defined alias will be used for a secure connection if this property is defined. | |
| sslProtocol | SSL protocol. See the SSLContext section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard protocol names. Examples of value: SSL, SSLv2, SSLv3, TLS, TLSv1, TLSv1.1, TLSv1.2. | TLSv1.2 |
| keyManagerAlgorithm | Key manager factory algorithm name (see Customizing the Default Key Managers and Trust Managers). Possible values are SunX509, PKIX. | SunX509 |
| trustManagerAlgorithm | Trust manager factory algorithm name (see Customizing the Default Key Managers and Trust Managers). Possible values are SunX509, PKIX. | SunX509 |
| sslServerNeedClientAuth | Define if authentication is required for the server-side socket. This option is working only for the SSLFIXServer instance. | false |
The sample of creating an initiator FIX session with secure connection:
// Creating connection parameters for initiator
SessionParameters params = new SessionParameters();
params.setHost("localhost");
params.setPort(3000);
params.setSenderCompId("initiator");
params.setTargetCompId("target");
// Define options for secure connection
params.getConfiguration().setProperty(Configuration.ENABLE_SSL, "true");
params.getConfiguration().setProperty(Configuration.KEY_STORE_PATH, "etc/keystore.jks");
params.getConfiguration().setProperty(Configuration.KEY_STORE_PASSWORD, "keypass");
params.getConfiguration().setProperty(Configuration.TRUST_STORE_PATH, "etc/truststore.jks");
params.getConfiguration().setProperty(Configuration.TRUST_STORE_PASSWORD, "trustpass");
// Create and establish secure connection
FIXSession fixSession = params.createInitiatorSession();
fixSession.connect();