Re: [Quickfixj-users] SSL tunnelling

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Nick,

This sounds good. One suggestion is to investigate how to support adding
/any/ MINA filter. There's a Jira issue (feature request) for this
capability. We could still have special support for SSL to make it
easier to configure. I'd played with MINA SSL a little but we just
recently upgraded to 0.9.x and I haven't much time to do much with
it.

I added a placeholder page to the wiki's wish list for integrated
SSL support. Could you start writing your thoughts there? For
the stunnel, it would be great if you could write a short (even
a 1/2 page would be good) description/tutorial, it would be a good
addition to the list of "tips and tricks" articles on the wiki. One
thing to note on the SSL support is that Java 5 or newer is required.
AFAIK, there is not problem running QFJ with Java 5.

For the conventions related to configuration properties, look at
the existing configuration documentation and it should be mostly
clear.

Steve

> -----Original Message-----
> From: qui...@li... 
> [mailto:qui...@li...] On 
> Behalf Of Nick Fortescue
> Sent: Wednesday, June 14, 2006 5:27 PM
> To: qui...@li...
> Subject: Re: [Quickfixj-users] SSL tunnelling
> 
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/ OK, 
> I've done some experimenting in the absence of a reply. I 
> thought I'd summarize here for the benefit of the archive, 
> and also make a suggestion.
> 
> Firstly stunnel works fine. With the help of the instructions 
> at http://faq.gotomyvnc.com/fom-serve/cache/33.html setting 
> it up was very easy, and the Executor/Banzai pair tunnelled 
> fine and worked perfectly.
> 
> As far as using the abilities of Mina, it seems a shame not 
> to, as this would save setting up a port just for tunnelling, 
> and also make it easy to turn on and off via the config file. 
> The process seems fairly
> straightforward:
> 
> 1) Adapt the settings config file so it had an SSL option. 
> For example SocketUseSSL=Y. Maybe some options for choosing a 
> key file would be needed.
> 2) Add the Mina-Filter SSL to the optional/test jars.
> 3) Add acceptance tests that this was being used and did 
> connect using SSL
> 4) Modify AbstractSocketAcceptor.getIoAcceptor(...) to use 
> the SSL filter if specified in the settings.
> 5) Modify AbstractSocketInitiator.getIoAcceptor(...) to use 
> the SSL filter if specified in the settings.
> 
> Some questions:
> 1) Does this seem architecturally like the right thing to do 
> and the right way to do it?
> 2) If I did it would it be a useful thing to contribute?
> 3) Are there any conventions for things like config settings 
> names, coding style etc, that I ought to be aware of?
> 
> Nick
> 
> 
> -----Original Message-----
> From: qui...@li...
> [mailto:qui...@li...] On 
> Behalf Of Nick Fortescue
> Sent: 14 June 2006 14:44
> To: qui...@li...
> Subject: [Quickfixj-users] SSL tunnelling
> 
> Forgive me if this is an FAQ, I couldn't find it.
> 
> There seem to be two obvious ways to do SSL tunnelling with 
> quickfixj. 
> 
> - I could use stunnel (http://www.stunnel.org/) 
> 
> - I could use SSL tunnelling from MINA, for example, like this example
> code:
> http://svn.apache.org/viewvc/directory/trunks/mina/examples/sr
> c/main/jav
> a/org/apache/mina/examples/echoserver/Main.java?revision=40006
> 8&view=mar
> kup
> 
> I wondered if anyone had any experience with either of these, 
> and whether one or the other was particularly recommended. Or 
> whether there was a third option I was missing.
> 
> Thanks,
> 
> Nick
> 
> 
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
> 