
Overview

SSL support was added to FIX Antenna C++ in version 2.13.

The following parameters were added for configuring SSL sessions:

  • Engine::SessionExtraParameters::sslContext_ in FIX Antenna C++.
  • com::b2bits::fixantenna::sessionExtraParameters::SSLContext in FIX Antenna .NET.

Using SSL in acceptor.

Parameters for SSL acceptors are configured in the properties file and can't be changed after Engine initialization. They are common to all SSL-enabled acceptors.

  • ListenSSLPort - comma-separated list of ports.
    This parameter is similar to ListenPort. It lists the ports on which SSL connections will be accepted.
  • SSLCertificate - path to the file containing the certificate.
  • SSLPrivateKey - path to the file containing the certificate's private key. The certificate and private key can be in the same file.
    SSLCertificate and SSLPrivateKey are mandatory if ListenSSLPort is not empty.

    FIX Antenna supports only *.pem certificates.
  • SSLCheckPrivateKey - boolean value.
    Set it to "true" to check that the private key matches the server certificate.
    Optional, "false" by default.
  • SSLProtocols - enabled SSL protocols.
    Valid values are: SSLv2, SSLv3, TLSv1, TLSv1_1, TLSv1_2.

    Since security issues with SSL v3 and the RC4 encryption algorithm have been discovered recently, we strongly recommend using the TLS 1.0, TLS 1.1 and TLS 1.2 protocols.

  • SSLCACertificate - path to the file containing the CA certificate. This parameter is optional.

  • SSLRequireClientCertificate - boolean value.
    If set to "true", client connections without a certificate will be rejected.
    Optional, "false" by default.

     

To enable SSL for acceptors just configure ListenSSLPort, SSLCertificate and SSLPrivateKey.

Typical configuration:

engine.properties
ListenSSLPort = 9106
SSLCheckPrivateKey = true
SSLCertificate = cert.pem
SSLPrivateKey = cert.pem
SSLProtocols = TLSv1, TLSv1_1, TLSv1_2
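
The acceptor rules above can be checked before the engine is started. The following is an added example, not FIX Antenna code and not part of the original page: a small C++ audit of engine.properties text that applies only the rules stated here (SSLCertificate and SSLPrivateKey mandatory, SSLv2/SSLv3 not enabled, and the two optional checks left at their "false" default). The function names, the '#' comment syntax and the exact-match comparison with "true" are assumptions.

```cpp
// Added example (not FIX Antenna code): audit acceptor SSL settings from engine.properties text.
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>
static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    size_t b = s.find_first_not_of(ws);
    return b == std::string::npos ? "" : s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Parse "key = value" lines. Assumption: lines starting with '#' are comments.
std::map<std::string, std::string> parseProperties(const std::string& text) {
    std::map<std::string, std::string> props;
    std::istringstream in(text);
    std::string line;
    while (std::getline(in, line)) {
        size_t eq = line.find('=');
        if (trim(line).empty() || trim(line)[0] == '#' || eq == std::string::npos) continue;
        props[trim(line.substr(0, eq))] = trim(line.substr(eq + 1));
    }
    return props;
}

// One finding per problem, using only the rules stated on this page.
std::vector<std::string> auditSsl(const std::map<std::string, std::string>& p) {
    std::vector<std::string> findings;
    auto get = [&p](const char* k) { auto it = p.find(k); return it == p.end() ? std::string() : it->second; };
    if (get("ListenSSLPort").empty()) return findings;  // no SSL acceptor configured
    for (const char* k : {"SSLCertificate", "SSLPrivateKey"})
        if (get(k).empty()) findings.push_back(std::string(k) + " is mandatory when ListenSSLPort is set");
    std::istringstream protos(get("SSLProtocols"));
    std::string proto;
    while (std::getline(protos, proto, ',')) {
        proto = trim(proto);
        if (proto == "SSLv2" || proto == "SSLv3") findings.push_back(proto + " is enabled in SSLProtocols");
    }
    // Assumption: the engine expects the literal value "true" for booleans.
    if (get("SSLCheckPrivateKey") != "true") findings.push_back("SSLCheckPrivateKey is off: key/certificate match is not checked");
    if (get("SSLRequireClientCertificate") != "true") findings.push_back("SSLRequireClientCertificate is off: clients without a certificate are accepted");
    return findings;
}
int main() {
    // Constructed sample input, not a real deployment's file.
    const std::string sample = "ListenSSLPort = 9106\nSSLCertificate = cert.pem\nSSLProtocols = SSLv3, TLSv1_2\n";
    for (const auto& f : auditSsl(parseProperties(sample))) std::cout << "FINDING: " << f << "\n";
    return 0;
}
```

TLS 1.0 and TLS 1.1 have since been deprecated by RFC 8996, so a stricter policy would also flag TLSv1 and TLSv1_1 in SSLProtocols.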

 

Using SSL in initiator in FIX Antenna C++.

To enable SSL in an initiator session, create an SSL client context in the extra parameters before creating the session:

SSLQuickStart.cpp
FIXApp application;
Engine::SessionExtraParameters params;
params.sslContext_ = System::SSLClientContext();

Engine::Session* pSI =  Engine::FixEngine::singleton()->createSession( &application, "TargetCompID", "SenderCompID",  Engine::FIX44, &params );

For advanced configuration, use the System::SSLClientContext::loadCertificateAndPrivateKey method to specify the certificate and private key paths. Set the last boolean argument to true to check whether the private key matches the server certificate.

SSLQuickStart.cpp
System::SSLClientContext sslContext;
sslContext.loadCertificateAndPrivateKey("cert.pem", "cert.pem", true);
params.sslContext_ = sslContext;

Using SSL in initiator in FIX Antenna .NET.

To enable SSL in an initiator session, create the session with the SSLContext parameter.

SSLQuickStart.cpp
SessionExtraParameters @params = new SessionExtraParameters();   
 
SessionExtraParameters.SSLContextParameters sslContext = new SessionExtraParameters.SSLContextParameters(); 
@params.SSLContext = sslContext; 
 
Session session = FixEngine.Instance.CreateSession(new SessionId("Sender", "Target", null), FixVersion.FIX50SP2, @params, MessageStorageType.Persistent);

For advanced configuration, also specify the SSL protocols to use and the certificate and private key paths, and set the boolean value to check whether the private key matches the server certificate.

SSLQuickStart.cpp
sslContext.SSLProtocolsUsed = SSLProtocols.TLSv1 | SSLProtocols.TLSv1_1 | SSLProtocols.TLSv1_2; 
sslContext.SSLCertificate = "cert.pem"; 
sslContext.SSLPrivateKey = "cert.pem"; 
sslContext.SSLCheckPrivateKey = true;

C++ Example. Simple

Server.cpp
int main(int argc, char **argv)
{
    try {
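        // Named initParams so it does not clash with the session parameters declared below
        Engine::FixEngine::InitParameters initParams;
        initParams.propertiesFileName_ = "engine.properties";

        // Initializes engine.
        Engine::FixEngine::init( initParams );

        // FIXApp class derived from Engine::Application
        FIXApp acceptor;
        // Unused here: acceptor SSL settings are read from engine.properties
        Engine::SessionExtraParameters params;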
	 
        // Create FIX session instance
        Engine::Session* pSI =  Engine::FixEngine::singleton()->createSession( &acceptor, "SenderCompID", "TargetCompID", Engine::FIX44);

        // Connect session as acceptor
        pSI->connect();

        // Wait for data in acceptor
        string cmd;
        while( "exit" != cmd ) {
            cout << "Type 'exit' to exit > ";
            getline( cin, cmd );
        }

        // disconnect and release
        pSI->disconnectNonGracefully();
        pSI->release();
    } catch( const std::exception& ex ) {
        cout << "Error: " << ex.what() << endl;
    } catch ( ... ) {
        cout << "Unknown error." << endl;
    }
    // stop engine
    Engine::FixEngine::destroy();
    return 0;
}
Client.cpp
int main(int argc, char **argv)
{
    try {
        // Initialize engine.
        Engine::FixEngine::init( "engine.properties" );

        // FIXApp class derived from Engine::Application
        FIXApp initiator;
 
        // Create FIX session instance with SSL.
        Engine::SessionExtraParameters params;
        params.sslContext_ = System::SSLClientContext();
        Engine::Session* pSI =  Engine::FixEngine::singleton()->createSession( &initiator, "TargetCompID", "SenderCompID",  Engine::FIX44, &params );
        // Connect session as initiator to LISTENER_IP address
        pSI->connect( 30, LISTENER_IP, 9107);
 
        // create FIX 4.4 New Order Single using the Flat model
        std::auto_ptr<Engine::FIXMessage> pMessage( Engine::FIXMsgFactory::singleton()->newSkel( Engine::FIX44, "D" ) );
        string clordid;
        Engine::UTCTimestamp::now().toFixString( &clordid );
        pMessage->set( FIXField::ClOrdID, clordid );
        pMessage->set( FIXField::Symbol, "MSFT" );
        pMessage->set( FIXField::Side, '1' ); // Buy
        pMessage->set( FIXField::OrderQty, 400 );
        pMessage->set( FIXField::OrdType, '2' ); // Limit
        pMessage->set( FIXField::Price, Engine::Decimal( 1132, -2 ) );
        pMessage->set( FIXField::TransactTime, Engine::UTCTimestamp::now() );

        // Send order to session initiator
        pSI->put( pMessage.get() );
 
        // Wait for the message to be processed.
        System::Thread::sleep(2000);
        // disconnect and release session
        pSI->disconnect();
        pSI->release();
    } catch( const std::exception& ex ) {
        cout << "Error: " << ex.what() << endl;
    } catch ( ... ) {
        cout << "Unknown error." << endl;
    }
    // stop engine
    Engine::FixEngine::destroy();
    return 0;
}

C++ Example. Advanced (configure SSL with no changes in engine.properties)

Server.cpp
int main(int argc, char **argv)
{
    try {
        // Named initParams so it does not clash with the session parameters declared below
        Engine::FixEngine::InitParameters initParams;
        initParams.propertiesFileName_ = "engine.properties";

        // Setup SSL parameters
        initParams.properties_[Engine::FIXPropertiesNames::LISTEN_SSL_PORT_PARAM] = "9107";
        initParams.properties_[Engine::FIXPropertiesNames::LISTEN_SSL_CHECK_PRIVATE_KEY_PARAM] = "true";
        initParams.properties_[Engine::FIXPropertiesNames::LISTEN_SSL_CERTIFICATE_PARAM] = "cert.pem";
        initParams.properties_[Engine::FIXPropertiesNames::LISTEN_SSL_PRIVATE_KEY_PARAM] = "cert.pem";
        initParams.properties_[Engine::FIXPropertiesNames::LISTEN_SSL_PROTOCOLS_PARAM] = "TLSv1, TLSv1_1, TLSv1_2";

        // Initializes engine.
        Engine::FixEngine::init( initParams );

        // FIXApp class derived from Engine::Application
        FIXApp acceptor;
        Engine::SessionExtraParameters params;

        // Create FIX session instance
        Engine::Session* pSI =  Engine::FixEngine::singleton()->createSession( &acceptor, "SenderCompID", "TargetCompID", Engine::FIX44, &params);

        // Connect session as acceptor
        pSI->connect();

        // Wait for data in acceptor
        string cmd;
        while( "exit" != cmd ) {
            cout << "Type 'exit' to exit > ";
            getline( cin, cmd );
        }

        // disconnect and release
        pSI->disconnectNonGracefully();
        pSI->release();
    } catch( const std::exception& ex ) {
        cout << "Error: " << ex.what() << endl;
    } catch ( ... ) {
        cout << "Unknown error." << endl;
    }
    // stop engine
    Engine::FixEngine::destroy();
    return 0;
}
Client.cpp
int main(int argc, char **argv)
{
    try {
        // Initialize engine.
        Engine::FixEngine::init( "engine.properties" );

        // FIXApp class derived from Engine::Application
        FIXApp initiator;
 
        // Create FIX session instance with SSL.
        Engine::SessionExtraParameters params;
        System::SSLClientContext sslContext;
        sslContext.loadCertificateAndPrivateKey("cert.pem", "cert.pem", true);
        params.sslContext_ = sslContext;
        Engine::Session* pSI =  Engine::FixEngine::singleton()->createSession( &initiator, "TargetCompID", "SenderCompID",  Engine::FIX44, &params );
        // Connect session as initiator to LISTENER_IP address
        pSI->connect( 30, LISTENER_IP, 9107);
 
        // create FIX 4.4 New Order Single using the Flat model
        std::auto_ptr<Engine::FIXMessage> pMessage( Engine::FIXMsgFactory::singleton()->newSkel( Engine::FIX44, "D" ) );
        string clordid;
        Engine::UTCTimestamp::now().toFixString( &clordid );
        pMessage->set( FIXField::ClOrdID, clordid );
        pMessage->set( FIXField::Symbol, "MSFT" );
        pMessage->set( FIXField::Side, '1' ); // Buy
        pMessage->set( FIXField::OrderQty, 400 );
        pMessage->set( FIXField::OrdType, '2' ); // Limit
        pMessage->set( FIXField::Price, Engine::Decimal( 1132, -2 ) );
        pMessage->set( FIXField::TransactTime, Engine::UTCTimestamp::now() );

        // Send order to session initiator
        pSI->put( pMessage.get() );
 
        // Wait for the message to be processed.
        System::Thread::sleep(2000);
        // disconnect and release session
        pSI->disconnect();
        pSI->release();
    } catch( const std::exception& ex ) {
        cout << "Error: " << ex.what() << endl;
    } catch ( ... ) {
        cout << "Unknown error." << endl;
    }
    // stop engine
    Engine::FixEngine::destroy();
    return 0;
}

The samples ./samples/FIX_QuickStart in the FIX Antenna C++ package and ./samples/SimpleClient in the FIX Antenna .NET package also show how to create a session over an SSL connection.

 

Reference

Please read the FIX Antenna Quick Start Guide and Installation Guide for information about creating an application with FIX Antenna C++.
