{{Quickfixn}} Tls1.2 connection to bloomberg does not send a logon

Ravi Arcot ravi at kynex.com
Mon Aug 26 12:10:25 PDT 2019 

Thank you Jose. We got it working with your suggestion.

Ravi Arcot

***********************************************************************************
The information in this e-mail message may be privileged, confidential, and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this e-mail message in error, please e-mail the sender and delete all copies. Thank you.

***********************************************************************************

From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of José Antônio Fonseca
Sent: Tuesday, August 06, 2019 5:43 AM
To: 'Mailing list for QuickFIX/n' <quickfixn at lists.quickfixn.com>
Subject: Re: {{Quickfixn}} Tls1.2 connection to bloomberg does not send a logon

Hi there,

Try not validating the certificates.

And use pfx files for the certificate.

SSLValidateCertificates=N

Regards,

José Fonseca

From: Quickfixn <quickfixn-bounces at lists.quickfixn.com<mailto:quickfixn-bounces at lists.quickfixn.com>> On Behalf Of Matthias Güntert
Sent: terça-feira, 6 de agosto de 2019 03:39
To: Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com<mailto:quickfixn at lists.quickfixn.com>>
Subject: Re: {{Quickfixn}} Tls1.2 connection to bloomberg does not send a logon

Try the following in your class that implements IApplication...

        public void ToAdmin(Message message, SessionID sessionId)
        {
            if (message.Header.GetField(35) == MsgType.LOGON)
            {
                message.Header.SetField("Username");
                message.Header.SetField("Password");
            }
        }

Best, Matthias

Von: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] Im Auftrag von Ravi Arcot
Gesendet: Montag, 5. August 2019 22:53
An: quickfixn at lists.quickfixn.com<mailto:quickfixn at lists.quickfixn.com>
Betreff: {{Quickfixn}} Tls1.2 connection to bloomberg does not send a logon

We are using QuickFix/n Version 1.7 and attempting to connect to Bloomberg with their Tls certificate. We are the initiator and Bloomberg is the acceptor. The engine creates the session and does not logon. Bloomberg network engineers say they see the Tls handshake and acknowledgement but no logon attempt. We attempted the following configuration(s) in the initiator.cfg.

[SESSION]
..
..
SSLEnable=Y
SSLProtocols=Tls12
SSLValidateCertificates=Y
SSLCheckCertificateRevocation=N
SSLCertificate=C:/KynApps/KynexFixService/certs/cert.pfx
SSLCertificatePassword=xxxxxxx

We also tried

[SESSION]
..
..
SSLEnable=Y
SSLProtocols=Tls12
SSLValidateCertificates=Y
SSLCheckCertificateRevocation=N
SSLCertificate=C:/KynApps/KynexFixService/certs/cert.pem
SSLCertificatePassword=xxxxxxxxxxxxx
SSLCACertificate=C:/KynApps/KynexFixService/certs/CACerts.pem
SSLRequireClientCertificate=Y


If we remove the SSL configs in the quickfix config file and create a stunnel with the pem certificates, it establishes the session fine. We prefer to go direct from engine without stunnel.

Appreciate any suggestions on what might be going on if others have gone down this path and found a resolution.

Thank you in advance.

Best

Ravi Arcot
201.796.4900
ravi at kynex.com<mailto:ravi at kynex.com>

***********************************************************************************
The information in this e-mail message may be privileged, confidential, and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this e-mail message in error, please e-mail the sender and delete all copies. Thank you.

***********************************************************************************


*****************************************************
This e-mail may contain confidential material. It is intended only for the person or entity which it is addressed to. In case you should not be supposed to get this e-mail we ask you to delete it without taking notice of its content. Any views or opinions expressed in this e-mail are those of the sender and do not necessarily coincide with those of The Swiss Raiffeisen Group. Therefore this e-mail does not represent a binding agreement nor an offer to deal. E-Mail transmission can be insecure and can contain errors. Information could be intercepted, corrupted, lost, destroyed, incomplete or may contain viruses. Neither The Swiss Raiffeisen Group nor the sender can accept any liability for any kind of damage as the result of viruses or transmission errors.
*****************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quickfixn.com/pipermail/quickfixn-quickfixn.com/attachments/20190826/a83294ca/attachment.htm>

More information about the Quickfixn mailing list