<div dir="auto"><div>Ahhh yes, if turning off validation works, that is the solution. It sounds dangerous but it isn't, really. It's going to skip the EKU check and chain check (which is precisely how qf/j operates, by the way).<br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 31, 2019, 17:13 Somanathannair, Sujith &lt;<a href="mailto:Sujith.Somanathannair@blackstone.com">Sujith.Somanathannair@blackstone.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">





<div lang="EN-US" link="blue" vlink="purple">
<div class="m_-6253607768400245952WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Bloomberg said it should be Tls 1.2 and we are not sending that.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">But I also tried Tls 1.3 with no success.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">&nbsp;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">.cfg file</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">----------------</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[DEFAULT]</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">ConnectionType=initiator</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">ReconnectInterval=2</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">FileStorePath=store</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">FileLogPath=log</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">StartTime=12:00:00</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">EndTime=23:00:00</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">UseDataDictionary=N</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">DataDictionary=../../spec/fix/FIX44.xml</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SocketConnectHost=&lt;ipaddress&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SocketConnectPort=&lt;port&gt;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">LogoutTimeout=5</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">&nbsp;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">[SESSION]</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">BeginString=FIX.4.4</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SenderCompID=MAP_&lt;MYCOMP&gt;_BETA</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">TargetCompID=MAP_BLP_BETA</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">HeartBtInt=30</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SSLEnable=Y</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SSLProtocols=Tls12</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SSLCertificate=&lt;localpath&gt;/cert/pkcs12/cert.pfx</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">SSLCertificatePassword=******</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">-------------</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Also,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">The error I see is</span></p>
<p class="MsoNormal" style="background:white">
<span style="color:black">&lt;event&gt; Remote certificate was not recognized as a valid certificate: RemoteCertificateNameMismatch, RemoteCertificateChainErrors</span></p>
<p class="MsoNormal" style="background:white">
<span style="color:black">&lt;event&gt; Unable to perform authentication against server: The remote certificate is invalid according to the validation procedure.</span></p>
<p class="MsoNormal"><span style="color:black">&lt;event&gt; Connection failed (AuthenticationException): The remote certificate is invalid according to the validation procedure.</span></p>
<p class="MsoNormal"><span style="color:black">Tls 1.2 was mentioned by a Bloomberg support person.</span></p>
<p class="MsoNormal"><span style="color:black">&nbsp;</span></p>
<p class="MsoNormal"><span style="color:black">If I provide</span></p>
<p class="MsoNormal" style="background:#eff0f1;vertical-align:baseline"><span style="font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">SSLValidateCertificates=N</span></p>
<p class="MsoNormal"><span style="color:black">it’s connecting.</span></p>
<p class="MsoNormal"><span style="color:black">But the documentation says it’s a security risk. Is it ok to do if I am connecting as the initiator?</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">&nbsp;</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks,</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Sujith</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">&nbsp;</span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Quickfixn [mailto:<a href="mailto:quickfixn-bounces@lists.quickfixn.com" target="_blank" rel="noreferrer">quickfixn-bounces@lists.quickfixn.com</a>]
<b>On Behalf Of </b>Mike Gatny<br>
<b>Sent:</b> Friday, May 31, 2019 4:43 PM<br>
<b>To:</b> Mailing list for QuickFIX/n<br>
<b>Subject:</b> Re: {{Quickfixn}} Using Tls 1.2 with QuickFix/n [External]</span></p>
<p class="MsoNormal">&nbsp;</p>
<div>
<p class="MsoNormal">Are you sure Bloomberg wants you to set <span style="font-family:"Courier New"">
SSLProtocols=Tls12</span>?  Some parts of Bloomberg (e.g. EMSX) explicitly no longer allow Tls12 and require at least Tls13.</p>
<div>
<p class="MsoNormal">&nbsp;</p>
</div>
<div>
<p class="MsoNormal">I have used the SSLProtocols setting with Bloomberg (again, EMSX) and it definitely works with qf/n v1.8.  Can you post your (redacted as needed) config file, messages log, and event log?  Also, which version of qf/n are you on?</p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
</p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">--</span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Mike Gatny</span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif"">Connamara Systems</span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal">&nbsp;</p>
</div>
</div>
<p class="MsoNormal">&nbsp;</p>
<div>
<div>
<p class="MsoNormal">On Fri, May 31, 2019 at 3:11 PM Somanathannair, Sujith &lt;<a href="mailto:Sujith.Somanathannair@blackstone.com" target="_blank" rel="noreferrer">Sujith.Somanathannair@blackstone.com</a>&gt; wrote:</p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal">I am trying to use QuickFix/N with Bloomberg and our Certs validation fails. Bloomberg says we are NOT using Tls 1.2 but I have ‘SSLProtocols=tls12’ under [SESSION].</p>
<p class="MsoNormal">Do you know what else is needed?</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Do you use
<span style="font-size:9.5pt;font-family:Consolas;color:green">ServicePointManager.SecurityProtocol</span>? When I check this value under IApplication:OnCreate(), I see the value as SystemDefault. Overriding this didn’t help though.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Thanks,</p>
<p class="MsoNormal">Sujith</p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">&nbsp;</p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="3" width="100%" align="center">
</div>
<p><span style="font-size:9.0pt">This e-mail communication is intended only for the addressee(s) named above and any others who have been specifically authorized to receive it and may contain information that is privileged, confidential or otherwise protected
 from disclosure. Please refer to <a href="http://www.blackstone.com/email-disclaimer" target="_blank" rel="noreferrer">
www.blackstone.com/email-disclaimer</a> for important disclosures regarding this electronic communication, including information if you are not the intended recipient of this communication.</span></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
Quickfixn mailing list<br>
<a href="mailto:Quickfixn@lists.quickfixn.com" target="_blank" rel="noreferrer">Quickfixn@lists.quickfixn.com</a><br>
<a href="http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com" target="_blank" rel="noreferrer">http://lists.quickfixn.com/listinfo.cgi/quickfixn-quickfixn.com</a></p>
</blockquote>
</div>
</div>
</div>

</blockquote></div></div></div>
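<p>An added example, not part of the thread and not the QuickFIX/n project's own configuration: the SSL lines of the [SESSION] block with the setting that made the session connect, beside a variant that keeps validation on. SSLServerName and SSLCACertificate are QuickFIX/n settings; the PLACEHOLDER values are assumptions, as is the reading that the name mismatch comes from connecting by IP address and the chain error from an issuing CA the client does not trust.</p>

```ini
# Added example. PLACEHOLDER values are assumptions, not values from the thread.
[SESSION]
SSLEnable=Y
SSLProtocols=Tls12
# SSLCertificate and SSLCertificatePassword stay as in the posted file.

# Variant from the thread: the session connects, but the server certificate
# is accepted without name or chain checks, so the peer is not authenticated.
# SSLValidateCertificates=N

# Variant that keeps validation on.
SSLValidateCertificates=Y

# Addresses RemoteCertificateNameMismatch (assumed cause: SocketConnectHost
# is an IP address, which does not match the name in the certificate).
# Use the name the counterparty's server certificate was issued to.
SSLServerName=PLACEHOLDER_NAME_IN_SERVER_CERTIFICATE

# Addresses RemoteCertificateChainErrors (assumed cause: the issuing CA is
# not trusted on this machine). Point at the CA certificate obtained from
# the counterparty through a trusted channel.
SSLCACertificate=PLACEHOLDER_PATH_TO_COUNTERPARTY_CA_CERTIFICATE
```

<p>If the event log still reports one of the two flags after this change, the flag that remains shows which of the two assumptions does not hold for this connection.</p>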