Re: [Quickfixj-users] SSL Configuration

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

The counterparty provided a certificate and we put it into a Java keystore and used that in the config. 

Chris. 

Am 19. Juni 2018 23:00:57 MESZ schrieb eri...@th...:
>I’m on 1.6.4. (Mainly because I am waiting for 2.1, which should have
>my PR) and Java 8.
>
>I have looked at the same page for 1.6.4.
>
>When you say the counterparty provided a certificate, do you mean a
>certificate that you put in the trusted store?
>
>I want to accept connection and force them to be encrypted. Nothing
>more complicated than that.
>
>
>> On Jun 19, 2018, at 16:56, Christoph John <chr...@ma...>
>wrote:
>> 
>> Hi,
>> 
>> I assume you have already checked the following page:
>https://urldefense.proofpoint.com/v2/url?u=https-3A__quickfixj.org_usermanual_2.0.0__usage_secure-5Fcommunications.html&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=sSTe4DlDhQjgPuMO6k1XaWyj_YJaVQNxr23Nq_KlCy4&e=
>
>> 
>> There also is a test SSLCertificateTest in the repo that has some
>examples. 
>> 
>> IIRC I only configured the Initiator side of a FIX connection for SSL
>and used a keystore. The counterparty provided the certificate.
>> 
>> I also assume that you use a current Java version on both sides of
>the connection? Older versions might not support some ciphers. 
>> 
>> Cheers,
>> Chris. 
>> 
>> Am 19. Juni 2018 20:39:30 MESZ schrieb
>eri...@th...:
>>> QuickFIX/J Documentation:
>https://urldefense.proofpoint.com/v2/url?u=http-3A__www.quickfixj.org_documentation_&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=t3i5fJeH8OU0DExXAnJs9PdrGsSq3SXfroHRSfEOPEY&e=
>
>>> QuickFIX/J Support:
>https://urldefense.proofpoint.com/v2/url?u=http-3A__www.quickfixj.org_support_&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=bn2FO12yz_pzSSVMVK3cBu_Z2a7WbEu-Dl3FqIivpU0&e=
>
>>> 
>>> 
>>> I’m having a hard time getting SSL working on Linux. 
>>> 
>>> I’m trying to use a self-signed certificate on a Acceptor.
>>> 
>>> I generated a keystore with:
>>> 
>>> keytool -genkey -keyalg RSA -alias foobar -keystore foobar.jks
>>> -storepass foobar -validity 360 -keysize 2048
>>> 
>>> And I am configuring the acceptor to use it with:
>>> 
>>> SocketUseSSL=Y
>>> SocketKeyStore=foobar.jks
>>> SocketKeyStorePassword=foobar
>>> 
>>> It seems to be opening the keystore ok, but regardless of what I try
>I
>>> end up with:
>>> 
>>> Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in
>>> common
>>> 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>> 	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
>>> 
>>> When I try to accept a session.
>>> 
>>> 1) Do I need to configure CipherSuites? Which ones? I am having
>trouble
>>> figuring out how to figure that out.
>>> 
>>> 2) Does the client need a keystore? I’m only trying to encrypt, not
>>> authenticate. I’ve tried it with and without, same result.
>>> 
>>> 
>>>
>------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org!
>https://urldefense.proofpoint.com/v2/url?u=http-3A__sdm.link_slashdot&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=Fk532B4FE9KmFkWCh_DwlzbuM70u46buQAy50WlI5sE&e=
>
>>> _______________________________________________
>>> Quickfixj-users mailing list
>>> Qui...@li...
>>>
>https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.sourceforge.net_lists_listinfo_quickfixj-2Dusers&d=DwIFaQ&c=4ZIZThykDLcoWk-GVjSLmy8-1Cr1I4FWIvbLFebwKgY&r=o7YI_4EZ5O7Q26HQ0aGkeNUy9E1BdEn0Yexsn39zMH1c1bf_uqj8xspuBPRHBi8O&m=3HYYWXGXrELFp0n0n6F73-FIYlJqp8jYN8qFwrCjnlw&s=q6T7mJGRH34yJiwvNAP2vP6_7UHrAgiLFg3eV_n9_-k&e=
>