{{Quickfixn}} SSL help

Ravi Arcot ravi at kynex.com
Wed Jun 10 10:35:06 PDT 2020 

The following settings in the initiator.cfg worked for us.

SSLEnable=Y
SSLProtocols=Tls12
SSLValidateCertificates=N
SSLCheckCertificateRevocation=N
SSLCertificate=Pathname for the .pfx file
SSLCertificatePassword=Password provided by the entity generating the certificate

We did have success with .pem file in stunnel config but prefer the initiator.cfg to do the job and keep the config in one place and avoid an additional moving part.

We were not very successful with other parameter values in initiator config due to interference with windows OS. The most troubling is saying not to validate certificate and we chose to live with it and avoid aggravation with windows settings.

Best


Ravi Arcot

***********************************************************************************
The information in this e-mail message may be privileged, confidential, and protected from disclosure. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this e-mail message in error, please e-mail the sender and delete all copies. Thank you.

***********************************************************************************

From: Quickfixn [mailto:quickfixn-bounces at lists.quickfixn.com] On Behalf Of Grant Birchmeier
Sent: Wednesday, June 10, 2020 12:38 PM
To: Mailing list for QuickFIX/n <quickfixn at lists.quickfixn.com>
Subject: Re: {{Quickfixn}} SSL help

Hope nobody's waiting for me to jump in.  I am not well-versed in this SSL part.

All I can do is point you at http://quickfixn.org/tutorial/configuration.html#ssl<https://url.emailprotection.link/?bUSxmmm4yxkw1Vt9XwO70V5FmcjMQc7DoQ4IjA1QRrCZSXby0jt57A6RHFDFj-HX8C3vFjLJoBUFpCcW4I2gn6_X9PUZ8UvlaKLhbsE6YOjIf8X7D497_O1qkW9a3fTwD>

If that doesn't work, might be quicker to configure a Stunnel instance if you can't get an answer here.

(Also, Sagar, please write new subject lines for new questions.)

-Grant



On Wed, Jun 10, 2020 at 11:23 AM sagar kohli <sagar.kkohli at gmail.com<mailto:sagar.kkohli at gmail.com>> wrote:
Hi Team,

Any help would be appreciated.

Thanks & Regards
Sagar
On Wed, Jun 10, 2020, 7:13 PM sagar kohli <sagar.kkohli at gmail.com<mailto:sagar.kkohli at gmail.com>> wrote:
Hi,

I have created a initiator, and now need to implement ssl for making communication secure. We are basically interacting with ecn and they have shared certificates with ext jks, pem and pkcs12. Require help to implement it. And do we need to install cert or can we directly specify location of cert. Also know we can set the values of below ssl parameters in configuration
SslEnable
SslValidateCertificate
SslProtocols
SslCertificate
SslCertificatePassword

I have used pkcs12 cert and specified the values of above parameter but in logs see repeated line

Connecting to IP(client ip) on port no

Need help

Thanks
Sagar Kohli


--
Grant Birchmeier
Connamara Systems, LLC
Made-To-Measure Trading Solutions.
Exactly what you need. No more. No less.
http://connamara.com<https://url.emailprotection.link/?buygN6sbmbftv9v4SWTdoMIwcX4BofB-RlbYpJqLvqJc--QJr4IftPtRv0wronsfWeYIlI80GyaqLnLdYu24sgg~~>

This email, along with any attachments, is confidential. If you believe you received this message in error, please contact the sender immediately and delete all copies of the message. Thank you from Connamara Systems, LLC.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.quickfixn.com/pipermail/quickfixn-quickfixn.com/attachments/20200610/22307573/attachment.htm>

More information about the Quickfixn mailing list