{{Quickfixn}} Using Tls 1.2 with QuickFix/n [External]

Somanathannair, Sujith Sujith.Somanathannair at Blackstone.com
Fri May 31 14:13:11 PDT 2019


Bloomberg said it should be Tls 1.2 and we are not sending that.
But I also tried Tls 1.3 with no success.

.cfg file
----------------
[DEFAULT]
ConnectionType=initiator
ReconnectInterval=2
FileStorePath=store
FileLogPath=log
StartTime=12:00:00
EndTime=23:00:00
UseDataDictionary=N
DataDictionary=../../spec/fix/FIX44.xml
SocketConnectHost=<ipaddress>
SocketConnectPort=<port>
LogoutTimeout=5

[SESSION]
BeginString=FIX.4.4
SenderCompID=MAP_<MYCOMP>_BETA
TargetCompID=MAP_BLP_BETA
HeartBtInt=30
SSLEnable=Y
SSLProtocols=Tls12
SSLCertificate=<localpath>/cert/pkcs12/cert.pfx
SSLCertificatePassword=******
-------------
Also,
The error I see is
<event> Remote certificate was not recognized as a valid certificate: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
<event> Unable to perform authentication against server: The remote certificate is invalid according to the validation procedure.
<event> Connection failed (AuthenticationException): The remote certificate is invalid according to the validation procedure.
Tls 1.2 was mentioned by a Bloomberg support person.

If I provide
SSLValidateCertificates=N
it’s connecting.
But the documentation says it’s a security risk. Is it ok to do if I am connecting as the initiator?

Thanks,
Sujith

From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of Mike Gatny
Sent: Friday, May 31, 2019 4:43 PM
To: Mailing list for QuickFIX/n
Subject: Re: {{Quickfixn}} Using Tls 1.2 with QuickFix/n [External]

Are you sure Bloomberg wants you to set SSLProtocols=Tls12?  Some parts of Bloomberg (e.g. EMSX) explicitly no longer allow Tls12 and require at least Tls13.

I have used the SSLProtocols setting with Bloomberg (again, EMSX) and it definitely works with qf/n v1.8.  Can you post your (redacted as needed) config file, messages log, and event log?  Also, which version of qf/n are you on?

--
Mike Gatny
Connamara Systems


On Fri, May 31, 2019 at 3:11 PM Somanathannair, Sujith <Sujith.Somanathannair at blackstone.com> wrote:
I am trying to use QuickFix/N with Bloomberg and our Certs validation fails. Bloomberg says we are NOT using Tls 1.2 but I have ‘SSLProtocols=tls12’ under [SESSION]
Do you know what else is needed?

Do you use ServicePointManager.SecurityProtocol? When I check this value under IApplication:OnCreate(), I see the value as SystemDefault. Overriding this didn’t help though.

Thanks,
Sujith

________________________________

This e-mail communication is intended only for the addressee(s) named above and any others who have been specifically authorized to receive it and may contain information that is privileged, confidential or otherwise protected from disclosure. Please refer to www.blackstone.com/email-disclaimer<http://www.blackstone.com/email-disclaimer> for important disclosures regarding this electronic communication, including information if you are not the intended recipient of this communication.
_______________________________________________
Quickfixn mailing list
Quickfixn at lists.quickfixn.com
http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com


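Added example, not part of the original thread and not QuickFIX/n code: a stand-alone C# probe that performs the same TLS 1.2 client handshake with validation left on and prints which policy errors and chain elements cause the rejection reported in the event log above. The class name TlsProbe, the argument order and the PFX_PASSWORD environment variable are assumptions made for this sketch.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class TlsProbe
{
    // args: <host-or-ip> <port> <expected-cert-name> <client.pfx>
    // The PFX password comes from the PFX_PASSWORD environment variable (assumed name).
    static int Main(string[] args)
    {
        if (args.Length != 4) { Console.Error.WriteLine("usage: TlsProbe host port certName pfxPath"); return 2; }
        var clientCerts = new X509CertificateCollection {
            new X509Certificate2(args[3], Environment.GetEnvironmentVariable("PFX_PASSWORD")) };
        using (var tcp = new TcpClient(args[0], int.Parse(args[1])))
        using (var ssl = new SslStream(tcp.GetStream(), false, Report))
        {
            try
            {
                // args[2] is the name the server certificate must match; TLS 1.2 only.
                ssl.AuthenticateAsClient(args[2], clientCerts, SslProtocols.Tls12, false);
                Console.WriteLine("Handshake OK, negotiated " + ssl.SslProtocol);
                return 0;
            }
            catch (AuthenticationException ex)
            {
                Console.WriteLine("Handshake rejected: " + ex.Message);
                return 1;
            }
        }
    }

    // Logs why validation fails; never accepts a certificate that has policy errors.
    static bool Report(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("Policy errors: " + errors);
        if (cert != null)
        {
            Console.WriteLine("Server subject: " + cert.Subject);
            var san = new X509Certificate2(cert).Extensions["2.5.29.17"]; // subjectAltName
            if (san != null) Console.WriteLine("Server SAN: " + san.Format(false));
        }
        if (chain != null)
            foreach (X509ChainElement el in chain.ChainElements)
                foreach (X509ChainStatus st in el.ChainElementStatus)
                    Console.WriteLine("  " + el.Certificate.Subject + ": " + st.Status + " " + st.StatusInformation.Trim());
        return errors == SslPolicyErrors.None;
    }
}
```

RemoteCertificateNameMismatch means the expected name is not in the server certificate's subject or SAN, which is typical when the connection is made by IP address; RemoteCertificateChainErrors means the chain does not build to a root this machine trusts. QuickFIX/n's SSLServerName and SSLCACertificate settings address those two conditions while leaving validation enabled.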