{{Quickfixn}} TLS 1.2 authentication

Grant Birchmeier gbirchmeier at connamara.com
Wed Aug 14 07:51:27 PDT 2019


You're the first person to mention it.

We're always open to pull requests.  I would really appreciate it, because
this particular topic is not something I specialize in.


On Wed, Aug 14, 2019 at 9:01 AM Campbell Wild <Campbell.Wild at ihsmarkit.com>
wrote:

> Good afternoon.
>
> As far as I can tell, when QuickFIX/n attempts to authenticate using TLS,
> the *clientCertificates* it passes as a parameter in
> *SSLStreamFactory.CreateClientStreamAndAuthenticate* will only ever pass
> a single certificate.
>
> *SSLStreamFactory.GetClientCertificates* adds a single certificate to the
> collection from *StreamFactory.LoadCertificate*, which loads the first
> valid certificate from the store, or loads a certificate from file.
>
> The IETF RFC for TLS 1.2 specifies (in
> https://tools.ietf.org/html/rfc5246#section-7.4.6) that "This message
> conveys the client's certificate *chain* to the server".
>
> This seems to suggest that QuickFIX/n is not TLS 1.2 compliant.
>
> Whilst the current approach works for some connections, others (such as
> MarketAxess) are rejecting the connection as they require the full
> certificate chain to be present, as per the RFC.
>
> Is this a known issue, and are there any plans to address?
>
> Thanks,
> Campbell


-- 
Grant Birchmeier
*Connamara Systems, LLC*
*Made-To-Measure Trading Solutions.*
Exactly what you need. No more. No less.
http://connamara.com