Menu
▾
▴
Re: [Quickfixj-users] SSL Configuration
|
From: <eri...@th...> - 2018-06-19 21:01:20
|
I’m on 1.6.4. (Mainly because I am waiting for 2.1, which should have my PR) and Java 8. I have looked at the same page for 1.6.4. When you say the counterparty provided a certificate, do you mean a certificate that you put in the trusted store? I want to accept connection and force them to be encrypted. Nothing more complicated than that. > On Jun 19, 2018, at 16:56, Christoph John <chr...@ma...> wrote: > > Hi, > > I assume you have already checked the following page: https://urldefense.proofpoint.com/v2/url?u=https-3A__quickfixj.org_usermanual_2.0.0__usage_secure-5Fcommunications.html&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=sSTe4DlDhQjgPuMO6k1XaWyj_YJaVQNxr23Nq_KlCy4&e= > > There also is a test SSLCertificateTest in the repo that has some examples. > > IIRC I only configured the Initiator side of a FIX connection for SSL and used a keystore. The counterparty provided the certificate. > > I also assume that you use a current Java version on both sides of the connection? Older versions might not support some ciphers. > > Cheers, > Chris. > > Am 19. Juni 2018 20:39:30 MESZ schrieb eri...@th...: >> QuickFIX/J Documentation: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.quickfixj.org_documentation_&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=t3i5fJeH8OU0DExXAnJs9PdrGsSq3SXfroHRSfEOPEY&e= >> QuickFIX/J Support: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.quickfixj.org_support_&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=bn2FO12yz_pzSSVMVK3cBu_Z2a7WbEu-Dl3FqIivpU0&e= >> >> >> I’m having a hard time getting SSL working on Linux. >> >> I’m trying to use a self-signed certificate on a Acceptor. >> >> I generated a keystore with: >> >> keytool -genkey -keyalg RSA -alias foobar -keystore foobar.jks >> -storepass foobar -validity 360 -keysize 2048 >> >> And I am configuring the acceptor to use it with: >> >> SocketUseSSL=Y >> SocketKeyStore=foobar.jks >> SocketKeyStorePassword=foobar >> >> It seems to be opening the keystore ok, but regardless of what I try I >> end up with: >> >> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in >> common >> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >> at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666) >> >> When I try to accept a session. >> >> 1) Do I need to configure CipherSuites? Which ones? I am having trouble >> figuring out how to figure that out. >> >> 2) Does the client need a keystore? I’m only trying to encrypt, not >> authenticate. I’ve tried it with and without, same result. >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=Fk532B4FE9KmFkWCh_DwlzbuM70u46buQAy50WlI5sE&e= >> _______________________________________________ >> Quickfixj-users mailing list >> Qui...@li... >> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_quickfixj-2Dusers&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=q6T7mJGRH34yJiwvNAP2vP6_7UHrAgiLFg3eV_n9_-k&e= |
