Using TLS/SSL Encryption in Session Connections

For security in FIX messaging, C++ FIX Engine provides the ability to encrypt FIX connections with the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. SSL v3.0, TLS v1.0, v1.1, v1.2 are supported. The actual protocol and version are chosen automatically by a server side during the TLS/SSL Handshake. The client sends the highest version number that is supported and the server sends the highest version number that is supported by both sides. This is the protocol version that will be used during the connection.

Encrypting FIX Connections with TLS/SSL

To use TLS/SSL in FIX connectivity, the following steps should be taken:

1. If the counterparty requires client-side TLS/SSL certificate set both SSL.CertificateFile and SSL.PrivateKeyFile parameters in Engine configuration settings. They can refer to the same file if it contains both the TLS/SSL certificate and the private key. Also, SSL.CertificateFile parameter can refer to a certificate chain file with multiple CA certificates.
2. Call the OnixS::FIX::Session::encryptionMethod method with OnixS::FIX::EncryptionMethod::SSL as newEncryptionMethod parameter value right after the creation of the OnixS::FIX::Session object.
3. Establish the FIX Connection as usual.

Example

    Session session("Sender", "Target", ProtocolVersion::FIX_42, ONIXS_FIXENGINE_NULLPTR);

    session.encryptionMethod(EncryptionMethod::SSL).logonAsInitiator("localhost", 443, true);

    // Message exchange goes here..

    session.logout("TLS/SSL connection is finished.").shutdown();

See Also

• The "SIGPIPE Linux signal" article on the Troubleshooting page