Menu
▾
▴
Re: [Quickfixj-users] http://www.quickfixj.org/ is down; want to look up configuration documentation for TLS 1.2 encryption
|
From: Christoph J. <chr...@ma...> - 2017-06-29 09:23:29
|
Hi Tom, great, thanks for the update. :) Cheers, Chris. On 29/06/17 10:47, Tom Tempelaere wrote: > > Hi John, > > I ended up doing it with QuickFIX/J 1.5.3 using the JKS certificate sent by Bloomberg. The > certification zipfile they sent has four sub-folders: /cms/, /jks/, /pem/ and /pkcs12/. I copied > the /cert.jks/ file from the /jks/ subfolder to the application folder my FIX module is running > from, and supplied the following in fixengine.cfg for the session: > > SocketUseSSL=Y > > SocketKeyStore=cert.jks > > SocketKeyStorePassword=<password from jks/password.txt> > > EnabledProtocols=TLSv1.2 > > The KeyStoreType configuration setting isn’t available in 1.5.3, but apparantly QuickFIX/J takes > JKS by default. > > Thanks for your input John 😊. Much obliged! > > Kind regards, > > --- > *Tom Tempelaere > *Upsilon SA > > *From:*Christoph John [mailto:chr...@ma...] > *Sent:* 26 June 2017 10:33 > *To:* Tom...@up...; qui...@li... > *Subject:* Re: [Quickfixj-users] http://www.quickfixj.org/ is down; want to look up configuration > documentation for TLS 1.2 encryption > > Hi, > > you could check the documentation here: > https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/main/doc/usermanual/usage/configuration.html > There were some things added around SSL/TLS verification in version 1.6.3 of QFJ. So I do not know > if it will work with 1.5.3. We are using 1.6.3 to connect to Bloomberg and it works without problems. > > Here are the parameters that we use: > SocketUseSSL = Y > EnabledProtocols = TLSv1.2 > KeyStoreType = JKS > SocketKeyStore = <path to keystore> > SocketKeyStorePassword = <password> > > Hope that helps, > Chris. > > > On 26/06/17 10:01, Tom Tempelaere wrote: > > QuickFIX/J Documentation:http://www.quickfixj.org/documentation/ > > QuickFIX/J Support:http://www.quickfixj.org/support/ > > > > > Hi all, > > It seems like http://www.quickfixj.org/ is down and as it happens I need to review > configuration documentation to see how encrypting the connection using TLS 1.2 is done. This > encryption by TLS 1.2 is required by Bloomberg EMSX and there’s no way around that requirement > (policy). I am currently on QuickFIX/J version 1.5.3. > > I’ve surfed to the http://www.quickfixj.org/ site quite a few times recently and I keep > getting “Service temporarily unavailable // The server is temporarily unable to service your > request due to maintenance downtime or capacity problems. Please try again later”. I am > wondering if the site is indeed temporarily down or is this going to be permanent? > > Also, a quick review on how to set TLS 1.2 encryption in configuration and what other things > are needed to get this working, would be much appreciated. > > Kind regards, > > --- > *Tom Tempelaere > *Software Architect & IT Management. > > Upsilon SA > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > > > > Virus-free. www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> > > > /take care of the environment - print only if necessary/// > -- Christoph John Development & Support Direct: +49 241 557080-28 Mailto:Chr...@ma... http://www.macd.com <http://www.macd.com/> ---------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------- MACD GmbH Oppenhoffallee 103 D-52066 Aachen Tel: +49 241 557080-0 | Fax: +49 241 557080-10 Amtsgericht Aachen: HRB 8151 Ust.-Id: DE 813021663 Geschäftsführer: George Macdonald ---------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------- take care of the environment - print only if necessary |
