For security in FIX messaging, C++ FIX Engine provides the ability to encrypt FIX connections with the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. SSL v3.0 and TLS v1.0, v1.1, v1.2 and v1.3 are supported. The actual protocol and version are chosen automatically by the server side during the TLS/SSL Handshake: the client sends the highest version number it supports, and the server replies with the highest version number supported by both sides. That version is then used for the rest of the connection.
To use TLS/SSL in FIX connectivity, the following steps should be taken:

1. Set the SSL.CertificateFile and SSL.PrivateKeyFile parameters in the Engine configuration settings. They can refer to the same file if it contains both the TLS/SSL certificate and the private key. Also, the SSL.CertificateFile parameter can refer to a certificate chain file with multiple CA certificates.

2. Set the EncryptionMethod parameter value right after the creation of the OnixS::FIX::Session object.

By default, the server side automatically chooses the actual TLS/SSL protocol and version during the TLS/SSL Handshake. However, some erroneous or more restrictive servers, which allow only a specific protocol version, can reject TLS/SSL connections negotiated in this way. In such cases, the client can limit the TLS/SSL protocol versions to be used. For this purpose, the SSL.MinProtocolVersion and SSL.MaxProtocolVersion parameters of the Engine configuration settings can be used. Also, there are corresponding session-level OnixS::FIX::Session::sslMinProtocolVersion and OnixS::FIX::Session::sslMaxProtocolVersion settings:
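The following is an added example, not OnixS code and not the engine's API: it models the version negotiation described above (the server picks the highest version both sides support) and shows what happens when the client's SSL.MinProtocolVersion / SSL.MaxProtocolVersion range does not overlap a restrictive server's range. The enum values, the "Key = Value" settings line format, and the version spellings accepted by the small parser are assumptions made for this example; the real engine's accepted values may differ.

```cpp
#include <algorithm>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Versions ordered from oldest to newest so that range comparisons work.
// Numeric values and names are constructed for this example, not OnixS enum values.
enum class SslVersion { SSLv3 = 0, TLSv1_0 = 1, TLSv1_1 = 2, TLSv1_2 = 3, TLSv1_3 = 4 };

struct VersionRange { SslVersion min; SslVersion max; };

struct HandshakeResult {
    bool accepted;       // false when no common version exists
    SslVersion version;  // meaningful only when accepted
};

// Server-side choice described in the text: the highest version supported by
// both sides. If the ranges do not overlap, the server rejects the connection.
HandshakeResult negotiate(const VersionRange& client, const VersionRange& server) {
    SslVersion lo = std::max(client.min, server.min);
    SslVersion hi = std::min(client.max, server.max);
    if (lo > hi) return {false, SslVersion::SSLv3};
    return {true, hi};
}

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    std::string::size_type b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    std::string::size_type e = s.find_last_not_of(ws);
    return s.substr(b, e - b + 1);
}

// Version spellings accepted by this example's settings parser (an assumption;
// the real engine's accepted values may differ).
bool parseVersion(const std::string& name, SslVersion& out) {
    static const std::map<std::string, SslVersion> table = {
        {"SSLv3", SslVersion::SSLv3},     {"TLSv1", SslVersion::TLSv1_0},
        {"TLSv1.1", SslVersion::TLSv1_1}, {"TLSv1.2", SslVersion::TLSv1_2},
        {"TLSv1.3", SslVersion::TLSv1_3}};
    std::map<std::string, SslVersion>::const_iterator it = table.find(name);
    if (it == table.end()) return false;
    out = it->second;
    return true;
}

// Derives the client's allowed range from "Key = Value" settings lines (the
// line format is constructed here). Missing bounds default to the full range;
// an unparsable value is ignored so the default stays in effect.
VersionRange rangeFromSettings(const std::vector<std::string>& lines) {
    VersionRange r{SslVersion::SSLv3, SslVersion::TLSv1_3};
    for (const std::string& line : lines) {
        std::string::size_type eq = line.find('=');
        if (eq == std::string::npos) continue;
        std::string key = trim(line.substr(0, eq));
        std::string value = trim(line.substr(eq + 1));
        SslVersion v;
        if (!parseVersion(value, v)) continue;
        if (key == "SSL.MinProtocolVersion") r.min = v;
        else if (key == "SSL.MaxProtocolVersion") r.max = v;
    }
    return r;
}

int main() {
    // Constructed settings: the client is pinned to TLS 1.2 only.
    std::vector<std::string> settings = {
        "SSL.MinProtocolVersion = TLSv1.2",
        "SSL.MaxProtocolVersion = TLSv1.2",
    };
    VersionRange client = rangeFromSettings(settings);
    VersionRange legacyServer{SslVersion::TLSv1_0, SslVersion::TLSv1_1};  // offers nothing above TLS 1.1
    VersionRange modernServer{SslVersion::TLSv1_2, SslVersion::TLSv1_3};
    HandshakeResult a = negotiate(client, legacyServer);
    HandshakeResult b = negotiate(client, modernServer);
    std::cout << "legacy server: " << (a.accepted ? "accepted" : "rejected") << "\n";
    std::cout << "modern server: " << (b.accepted ? "accepted" : "rejected") << "\n";
    return 0;
}
```

Running the program shows the legacy server rejecting the pinned client and the modern server accepting it at TLS 1.2. Narrowing the client's range is a deliberate trade-off: it protects against a downgrade to an older protocol, but any counterparty that only offers versions outside the range will fail the handshake, so the chosen bounds should be checked against each counterparty before deployment.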