quickfixj-users — General mailing list for QuickFIX/J topics.

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi Christoph,
Thank you for your answers, I have succeeded yesterday evening in finding a solution.

I had two problems :

·         There was a missing rule in our AWS IaaS for allowing mina to create its SSL session

·         Since Jdk11 migration, we have a libraries versions problem : mina-core-2.0.17 was used instead of mina-core-2.0.19. The 2.0.17 version was imported by another maven dependency. We force to use the more recent version. You mentionned this difference in a previous post, and you were right.

With theese two fixes, I was abled to make our module working with QuickfixJ and SSL activated on Jdk11 (amazon correto).

Thank you for your help.
Cheers,
Sebastien.

De : Christoph John <chr...@ma...>
Envoyé : mardi 2 février 2021 15:06
À : qui...@li...; MEDARD Sebastien OBS/DD <seb...@or...>
Objet : Re: [Quickfixj-users] Problem with SSL and JdK 11

Hi Sebastien,

as Philip has pointed out earlier in this thread it might as well be the case that this Exception should be ignored. https://bugs.mysql.com/bug.php?id=93590
MySQL and Netty seemed to have "solved" this by ignoring the Exception. Maybe MINA (connection framework used by QFJ) needs to do the same although it is ugly.

But hopefully your comparison against JDK 8 will lead you to a solution.

Cheers,
Chris.

On 28.01.21 10:31, seb...@or...<mailto:seb...@or...> wrote:

QuickFIX/J Documentation: http://www.quickfixj.org/documentation/

QuickFIX/J Support: http://www.quickfixj.org/support/






Hi Christoph,

Thank for your answer, I follow your suggestion, you’re right, I made the change.

I try to add my certificate in the jdk cacerts, and use it as truststore for QuickfixJ, but it don’t slove my problem.
I try another idea, get back on openjdk8, with ssl and handshake in debug mode. I got this :

2021-01-28 08:45:50.184 INFO 10 --- [ NioProcessor-1] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.12.72:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.91:23463
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
NioProcessor-1, called closeInbound()
NioProcessor-1, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-1, SEND TLSv1.2 ALERT: fatal, description = internal_error
NioProcessor-1, Exception sending alert: java.io.IOException: writer side was already closed.
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-2, SEND TLSv1.2 ALERT: fatal, description = internal_error
NioProcessor-2, Exception sending alert: java.io.IOException: writer side was already closed.
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false

In fact it seems the errors was already present with openjdk8, but doesn’t block, because we were able to establish securised connection with QuickFixJ.
I will try to investigate on this logs.

Cheers,
Sebastien.

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.




_______________________________________________

Quickfixj-users mailing list

Qui...@li...<mailto:Qui...@li...>

https://lists.sourceforge.net/lists/listinfo/quickfixj-users



--

Christoph John

Software Engineering

T +49 241 557080-28

chr...@ma...<mailto:chr...@ma...>



MACD GmbH

Oppenhoffallee 103

52066 Aachen, Germany

www.macd.com<http://www.macd.com>



Amtsgericht Aachen: HRB 8151

Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Christoph J. <chr...@ma...>]

Hi Sebastien,

as Philip has pointed out earlier in this thread it might as well be the case that this Exception 
should be ignored. https://bugs.mysql.com/bug.php?id=93590
MySQL and Netty seemed to have "solved" this by ignoring the Exception. Maybe MINA (connection 
framework used by QFJ) needs to do the same although it is ugly.

But hopefully your comparison against JDK 8 will lead you to a solution.

Cheers,
Chris.


On 28.01.21 10:31, seb...@or... wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hi Christoph,
>
> Thank for your answer, I follow your suggestion, you’re right, I made the change.
>
> I try to add my certificate in the jdk cacerts, and use it as truststore for QuickfixJ, but it 
> don’t slove my problem.
>
> I try another idea, get back on openjdk8, with ssl and handshake in debug mode. I got this :
>
> 2021-01-28 08:45:50.184 INFO 10 --- [ NioProcessor-1] q.mina.acceptor.AcceptorIoHandler : MINA 
> session created: local=/172.18.12.72:1085, class 
> org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.91:23463
> NioProcessor-1, called closeOutbound()
> NioProcessor-1, closeOutboundInternal()
> NioProcessor-1, called closeInbound()
> NioProcessor-1, fatal error: 80: Inbound closed before receiving peer's close_notify: possible 
> truncation attack?
> javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible 
> truncation attack?
> NioProcessor-1, SEND TLSv1.2 ALERT: fatal, description = internal_error
> NioProcessor-1, Exception sending alert: java.io.IOException: writer side was already closed.
> NioProcessor-1, called closeOutbound()
> NioProcessor-1, closeOutboundInternal()
> NioProcessor-2, called closeInbound()
> NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible 
> truncation attack?
> javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible 
> truncation attack?
> NioProcessor-2, SEND TLSv1.2 ALERT: fatal, description = internal_error
> NioProcessor-2, Exception sending alert: java.io.IOException: writer side was already closed.
> NioProcessor-2, called closeOutbound()
> NioProcessor-2, closeOutboundInternal()
> Using SSLEngineImpl.
> Allow unsafe renegotiation: false
> Allow legacy hello messages: true
> Is initial handshake: true
> Is secure renegotiation: false
>
> In fact it seems the errors was already present with openjdk8, but doesn’t block, because we were 
> able to establish securised connection with QuickFixJ.
>
> I will try to investigate on this logs.
>
> Cheers,
>
> Sebastien.
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi Christoph,

Thank for your answer, I follow your suggestion, you’re right, I made the change.

I try to add my certificate in the jdk cacerts, and use it as truststore for QuickfixJ, but it don’t slove my problem.
I try another idea, get back on openjdk8, with ssl and handshake in debug mode. I got this :

2021-01-28 08:45:50.184 INFO 10 --- [ NioProcessor-1] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.12.72:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.91:23463
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
NioProcessor-1, called closeInbound()
NioProcessor-1, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-1, SEND TLSv1.2 ALERT: fatal, description = internal_error
NioProcessor-1, Exception sending alert: java.io.IOException: writer side was already closed.
NioProcessor-1, called closeOutbound()
NioProcessor-1, closeOutboundInternal()
NioProcessor-2, called closeInbound()
NioProcessor-2, fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
NioProcessor-2, SEND TLSv1.2 ALERT: fatal, description = internal_error
NioProcessor-2, Exception sending alert: java.io.IOException: writer side was already closed.
NioProcessor-2, called closeOutbound()
NioProcessor-2, closeOutboundInternal()
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false

In fact it seems the errors was already present with openjdk8, but doesn’t block, because we were able to establish securised connection with QuickFixJ.
I will try to investigate on this logs.

Cheers,
Sebastien.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] QuickFixJ received the FXSWAP message(167=FXSWAP) from Bloomberg, then sent the different message to our client application.

[JianHe L. <jia...@me...>]

Hi Chris,

Bloomberg reply:
The FIX data dictionary xml is not updated. Please update the configuration in your QuickFIX to have the message passed through.

We had used the setting as you said:
Until Bloomberg corrects this you could use the setting ValidateUnorderedGroupFields=N.

It works!
Thank you so much .....


Best regards,
Jianhe

From: Christoph John <chr...@ma...>
Sent: Friday, January 22, 2021 6:50 PM
To: JianHe Liao <jia...@me...>; qui...@li...
Subject: Re: [Quickfixj-users] QuickFixJ received the FXSWAP message(167=FXSWAP) from Bloomberg, then sent the different message to our client application.

Hi Jianhe,

if that InstrumentLeg component is part of a repeating group, then yes, that is the problem. Field order in FIX messages is not important except in repeating groups.

You can read about it here: https://www.fixtrading.org/standards/tagvalue-online/#field-sequence-within-a-repeating-group
"Fields within repeating groups must be specified in the order that the fields are specified in the message definition."

Feel free to forward that information to Bloomberg. ;) The more people report such problems the better.

Until Bloomberg corrects this you could use the setting ValidateUnorderedGroupFields=N.

Cheers,
Chris.

On 22.01.21 09:59, JianHe Liao wrote:
Hi Chris,

The field order in message:
600=EUR/GBP
1788=1
602=EUR/GBP

The field order in DataDictionary:
<field name="LegSymbol" required="N"/>
<field name="LegSecurityID" required="N"/>
<field name="LegID" required="N"/>

[cid:image001.png@01D6F4D1.FE0A2BF0]

Is it the reason why "Out of order repeating group members, field=602" ?

Many thanks for your help !!!


Jianhe





--

Christoph John

Software Engineering

T +49 241 557080-28

chr...@ma...<mailto:chr...@ma...>



MACD GmbH

Oppenhoffallee 103

52066 Aachen, Germany

www.macd.com<http://www.macd.com>



Amtsgericht Aachen: HRB 8151

Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Christoph J. <chr...@ma...>]

Hi,

other things to check: did you try without the -Djdk.tls.acknowledgeCloseNotify=true option?
BTW, I think in Java 11 the SSL debug needs to use this syntax: -Djavax.net.debug=ssl:handshake  
(colon instead of comma)
See e.g. 
https://colinpaice.blog/2020/04/05/using-java-djavax-net-debug-to-examine-data-flows-including-tls/

Does this produce more debug output that can be used to pinpoint the problem?

Cheers,
Chris.


On 26.01.21 22:38, seb...@or... wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi,
>
> I use an openJdk 11 docker image to run my application, I launch the java command with theese parameters in order to use TLSv1.2 :
> -Djavax.net.debug=ssl,handshake -Djdk.tls.acknowledgeCloseNotify=true -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.server.protocols=TLSv1.2
>
> In the configuration of quickfixJ, I use "EnabledProtocols" with value "TLSv1.2".
>
> I check the SSL log, but I don't find TLSv1.3.
> I don't know if this protocol version can be used by something, even if I force the version to 1.2 in the Jdk.
>
> Do you know how I can check if TLSv1.3 is used ?
>
> Cheers,
> Sebastien.
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi,

I use an openJdk 11 docker image to run my application, I launch the java command with theese parameters in order to use TLSv1.2 : 
-Djavax.net.debug=ssl,handshake -Djdk.tls.acknowledgeCloseNotify=true -Djdk.tls.client.protocols=TLSv1.2 -Djdk.tls.server.protocols=TLSv1.2

In the configuration of quickfixJ, I use "EnabledProtocols" with value "TLSv1.2".

I check the SSL log, but I don't find TLSv1.3.
I don't know if this protocol version can be used by something, even if I force the version to 1.2 in the Jdk.

Do you know how I can check if TLSv1.3 is used ?

Cheers,
Sebastien.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Colin D. <co...@ma...>]

Can you verify from your SSL debug logs that you are, in fact, using TLS 
v1.2 and not v1.3?

On 1/26/21 8:15 AM, seb...@or... wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hi,
>
> I have ugraded camel-spring-boot-dependencies to 3.0.0-RC3, it come 
> with quickfixJ-2.2.0 and mina-core-2.0.21.
>
> In fact, quickfixJ-2.2.0 include the mina-core-2.1.4, so I re-import 
> directly the mina-core-2.1.4 in my pom.xml, and then this version is 
> used.
>
> But I still have my errors
>
> INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA 
> session created: local=/172.18.14.166:1085, class 
> org.apache.mina.transport.socket.nio.NioSocketSession, 
> remote=/172.18.0.152:33533
> javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.420 
> GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
> javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.421 
> GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore 
> outbound application data
>
> ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : 
> Socket (/172.18.0.152:33533): javax.net.ssl.SSLException: Improper 
> close state: Status = OK HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>
> javax.net.ssl.SSLException: Improper close state: Status = OK 
> HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
> at 
> org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:498) 
> ~[mina-core-2.1.4.jar!/:na]
> at 
> org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762) 
> ~[mina-core-2.1.4.jar!/:na]
> at 
> org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693) 
> ~[mina-core-2.1.4.jar!/:na]
>
> javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.440 
> GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
> javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 16:07:43.441 
> GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound 
> before receiving peer's close_notify (
> "throwable" : {
> javax.net.ssl.SSLException: closing inbound before receiving peer's 
> close_notify
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>
> DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : 
> Unexpected exception from SSLEngine.closeInbound().
>
> javax.net.ssl.SSLException: closing inbound before receiving peer's 
> close_notify
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) 
> ~[na:na]
>
> javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.442 
> GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore 
> outbound application data
>
> Does anyone run application with quickfixJ with SSL activated on a jdk 
> 11 ?
>
> Cheers,
>
> Sebastien.
>
> *De :*MEDARD Sebastien OBS/DD
> *Envoyé :* mardi 26 janvier 2021 14:16
> *À :* qui...@li...
> *Objet :* RE: [Quickfixj-users] Problem with SSL and JdK 11
>
> Hi,
>
> Thank for your answer.
>
> I use the dependency camel-spring-boot-dependencies:2.24.3 : 
> https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3
>
> It comes with camel-quickfix-2.24.3. QuickfixJ version in this 
> dependency is 2.1.0.
>
> But you are right, this dependency come with mina.core-2.0.17 too.
>
> It seem to take place of the mina-core-2.0.19 dependency included to 
> quickfixJ-2.1.0.
>
> I tried last week to update to the last stable version of 
> camel-spring-boot-dependencies : 2.25.3, but it comes again with 
> mina-core-2.0.17.
>
> I will try to update to a more recent version of 
> camel-spring-boot-dependencies, even if it is RC.
>
> Cheers,
>
> Sebastien.
>
> *De :*Christoph John <chr...@ma... 
> <mailto:chr...@ma...>>
> *Envoyé :* mardi 26 janvier 2021 13:19
> *À :* qui...@li... 
> <mailto:qui...@li...>; MEDARD Sebastien 
> OBS/DD <seb...@or... <mailto:seb...@or...>>
> *Objet :* Re: [Quickfixj-users] Problem with SSL and JdK 11
>
> Hi,
>
> did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3.
> Apart from that, you mentioned that you are using QFJ 2.1.0 but the 
> log output shows mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 
> which also contained some SSL-related fixes.
>
> Cheers,
> Chris.
>
> On 26.01.21 12:42, seb...@or... 
> <mailto:seb...@or...>wrote:
>
>     QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>
>     QuickFIX/J Support: http://www.quickfixj.org/support/
>
>     Hi,
>
>     I come back with the problem of SSL error with QuickfixJ and Jdk11.
>
>     I put apache.mina in debug too, I try to change the cipher suites
>     with a stronger one which is present in jdk11, I try to use
>     another Jdk11 docker image, I try to use a jdk14 docker image.
>
>     But I’m still have the error :
>
>     DEBUG 10 --- [ NioProcessor-2]
>     org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter
>     SslFilter to the chain
>
>     DEBUG 10 --- [ NioProcessor-2]
>     org.apache.mina.filter.ssl.SslHandler : Session Server[1](no
>     sslEngine) Initializing the SSL Handler
>
>     DEBUG 10 --- [ NioProcessor-2]
>     org.apache.mina.filter.ssl.SslHandler : Session Server[1](no
>     sslEngine) SSL Handler Initialization done
>
>     DEBUG 10 --- [ NioProcessor-2]
>     org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) :
>     Starting the first handshake
>
>     2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2]
>     org.apache.mina.filter.ssl.SslHandler : Session Server[1](ssl...)
>     processing the NEED_UNWRAP state
>
>     INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler :
>     MINA session created: local=/172.18.8.62:1085, class
>     org.apache.mina.transport.socket.nio.NioSocketSession,
>     remote=/172.18.0.152:35990
>     javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154
>     GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
>     javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156
>     GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore
>     outbound application data
>
>     ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler :
>     Socket (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper
>     close state: Status = OK HandshakeStatus = NEED_WRAP
>     bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>
>     javax.net.ssl.SSLException: Improper close state: Status = OK
>     HandshakeStatus = NEED_WRAP
>     bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>     at
>     org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502)
>     ~[mina-core-2.0.17.jar!/:na]
>     at
>     org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768)
>     ~[mina-core-2.0.17.jar!/:na]
>     at
>     org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702)
>     ~[mina-core-2.0.17.jar!/:na]
>
>
>     …
>     javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162
>     GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
>     javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163
>     GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing
>     inbound before receiving peer's close_notify (
>     "throwable" : {
>     javax.net.ssl.SSLException: closing inbound before receiving
>     peer's close_notify
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>
>     DEBUG 10 --- [ NioProcessor-2]
>     org.apache.mina.filter.ssl.SslHandler : Unexpected exception from
>     SSLEngine.closeInbound().
>     javax.net.ssl.SSLException: closing inbound before receiving
>     peer's close_notify
>     at
>     java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>     ~[na:na]
>
>     javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164
>     GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore
>     outbound application data
>
>     I get this error even if no client try to connect on my module.
>
>     If someone have suggestions or ideas on this problem, I’m interested.
>
>     Best regards,
>
>     Sebastien.
>
>     _________________________________________________________________________________________________________________________
>
>     Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>
>     pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>
>     a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>
>     Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie.Merci.
>
>     This message and its attachments may contain confidential or
>     privileged information that may be protected by law;
>
>     they should not be distributed, used or copied without authorisation.
>
>     If you have received this email in error, please notify the sender
>     and delete this message and its attachments.
>
>     As emails may be altered, Orange is not liable for messages that
>     have been modified, changed or falsified.
>
>     Thank you.
>
>
>
>     _______________________________________________
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
888.868.4884
https://www.marketcetera.com

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi,

I have ugraded camel-spring-boot-dependencies to 3.0.0-RC3, it come with quickfixJ-2.2.0 and mina-core-2.0.21.
In fact, quickfixJ-2.2.0 include the mina-core-2.1.4, so I re-import directly the mina-core-2.1.4 in my pom.xml, and then this version is used.
But I still have my errors

INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.14.166:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.152:33533
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.420 GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.421 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data

ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:33533): javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:498) ~[mina-core-2.1.4.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762) ~[mina-core-2.1.4.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693) ~[mina-core-2.1.4.jar!/:na]

javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 16:07:43.440 GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 16:07:43.441 GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 16:07:43.442 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data

Does anyone run application with quickfixJ with SSL activated on a jdk 11 ?

Cheers,
Sebastien.

De : MEDARD Sebastien OBS/DD
Envoyé : mardi 26 janvier 2021 14:16
À : qui...@li...
Objet : RE: [Quickfixj-users] Problem with SSL and JdK 11

Hi,

Thank for your answer.
I use the dependency camel-spring-boot-dependencies:2.24.3 : https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3
It comes with camel-quickfix-2.24.3. QuickfixJ version in this dependency is 2.1.0.
But you are right, this dependency come with mina.core-2.0.17 too.
It seem to take place of the mina-core-2.0.19 dependency included to quickfixJ-2.1.0.

I tried last week to update to the last stable version of camel-spring-boot-dependencies : 2.25.3, but it comes again with mina-core-2.0.17.
I will try to update to a more recent version of camel-spring-boot-dependencies, even if it is RC.

Cheers,
Sebastien.


De : Christoph John <chr...@ma...<mailto:chr...@ma...>>
Envoyé : mardi 26 janvier 2021 13:19
À : qui...@li...<mailto:qui...@li...>; MEDARD Sebastien OBS/DD <seb...@or...<mailto:seb...@or...>>
Objet : Re: [Quickfixj-users] Problem with SSL and JdK 11

Hi,

did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3.
Apart from that, you mentioned that you are using QFJ 2.1.0 but the log output shows mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 which also contained some SSL-related fixes.

Cheers,
Chris.

On 26.01.21 12:42, seb...@or...<mailto:seb...@or...> wrote:

QuickFIX/J Documentation: http://www.quickfixj.org/documentation/

QuickFIX/J Support: http://www.quickfixj.org/support/





Hi,

I come back with the problem of SSL error with QuickfixJ and Jdk11.

I put apache.mina in debug too, I try to change the cipher suites with a stronger one which is present in jdk11, I try to use another Jdk11 docker image, I try to use a jdk14 docker image.
But I'm still have the error :

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter SslFilter to the chain
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) Initializing the SSL Handler
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) SSL Handler Initialization done
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) : Starting the first handshake
2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](ssl...) processing the NEED_UNWRAP state
INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.8.62:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.152:35990
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702) ~[mina-core-2.0.17.jar!/:na]

...
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163 GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]

javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data

I get this error even if no client try to connect on my module.
If someone have suggestions or ideas on this problem, I'm interested.
Best regards,
Sebastien.

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.



_______________________________________________


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] Dealing with errors when connecting through SSL

[Christoph J. <chr...@ma...>]

Hi,

you could use a SessionStateListener. See this SO post: 
https://stackoverflow.com/questions/61868398/quickfix-j-how-to-detect-when-connection-fails
However, as mentioned in that post there might be cases where this does not help. There is an issue 
for that: https://github.com/quickfix-j/quickfixj/issues/342

Please check if the SessionStateListener works for your use cases.

Cheers,
Chris.



On 26.01.21 14:33, Diana Susca wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hi, I am looking for some help on how to catch exceptions occurring when SSL connections fail.
>
> I am creating a desktop application that will connect to a server and send FIX messages to it.
>
> I am starting from scratch, so this application is roughly the same as the Banzai application 
> provided in the quickfix/j sources. The application successfully connects with a simple, TCP 
> connection.
>
> Now I am trying to set up a secure connection (SocketUseSSL=Y and NeedClientAuth=Y). For a simple, 
> fixed setup, everything works fine.
> But I want the desktop application to allow users to use their own keyStore and trustStore files, 
> which can be set up through a GUI.
> The GUI needs to inform the user whether the connection to the server is successful or not, 
> through a message/log screen. I want to capture all the events and errors related to establishing 
> the connection via sockets and display it to the users.
> But I cannot catch and handle the exceptions thrown when establishing the SSL connection (E.g: 
> invalid keystore password). This is because the connection is established by a different thread, 
> which, if it throws an exception, is not throwing it in the current application thread.
>
> To reproduce the issue you can run Banzai and either set an empty truststore or a truststore that 
> does not trust the server we are trying to connect.
>
> Basically the code:
> try {
> logon(initiator);
> } catch (RuntimeError | ConfigError | IOException e) {
> throw new RuntimeException("Failed to connect." + e.getMessage());
> }
>
> does not catch anything.
>
> The errors are the following:
>   Caused by: java.lang.RuntimeException: Unexpected error: 
> java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
>   Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid 
> certification path to requested target
>
>
> I would appreciate it if you had any ideas/thoughts on how this could be managed.
>
> Thank you.
>
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald

[Quickfixj-users] Dealing with errors when connecting through SSL

[Diana S. <dia...@gm...>]

Hi, I am looking for some help on how to catch exceptions occurring when
SSL connections fail.

I am creating a desktop application that will connect to a server and send
FIX messages to it.

I am starting from scratch, so this application is roughly the same as the
Banzai application provided in the quickfix/j sources. The application
successfully connects with a simple, TCP connection.

Now I am trying to set up a secure connection (SocketUseSSL=Y and
NeedClientAuth=Y). For a simple, fixed setup, everything works fine.
But I want the desktop application to allow users to use their own keyStore
and trustStore files, which can be set up through a GUI.
The GUI needs to inform the user whether the connection to the server is
successful or not, through a message/log screen. I want to capture all the
events and errors related to establishing the connection via sockets and
display it to the users.
But I cannot catch and handle the exceptions thrown when establishing the
SSL connection (E.g: invalid keystore password). This is because the
connection is established by a different thread, which, if it throws an
exception, is not throwing it in the current application thread.

To reproduce the issue you can run Banzai and either set an empty
truststore or a truststore that does not trust the server we are trying to
connect.

Basically the code:
try {
logon(initiator);
} catch (RuntimeError | ConfigError | IOException e) {
throw new RuntimeException("Failed to connect." + e.getMessage());
}

does not catch anything.

The errors are the following:
  Caused by: java.lang.RuntimeException: Unexpected error:
java.security.InvalidAlgorithmParameterException: the trustAnchors
parameter must be non-empty
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target


I would appreciate it if you had any ideas/thoughts on how this could be
managed.

Thank you.

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Christoph J. <chr...@ma...>]

Hi,

I am not familiar with Apache Camel and only a little with Spring Boot, but there are at least two 
implementations of QuickFIX/J Spring Boot starters which are up-to-date. But I don't know if you can 
use them within your setup.

https://github.com/esanchezros/quickfixj-spring-boot-starter
https://github.com/gevoulga/spring-boot-quickfixj

Cheers,
Chris.


On 26.01.21 14:15, seb...@or... wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hi,
>
> Thank for your answer.
>
> I use the dependency camel-spring-boot-dependencies:2.24.3 : 
> https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3 
> <https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3>
>
> It comes with camel-quickfix-2.24.3. QuickfixJ version in this dependency is 2.1.0.
>
> But you are right, this dependency come with mina.core-2.0.17 too.
>
> It seem to take place of the mina-core-2.0.19 dependency included to quickfixJ-2.1.0.
>
> I tried last week to update to the last stable version of camel-spring-boot-dependencies : 2.25.3, 
> but it comes again with mina-core-2.0.17.
>
> I will try to update to a more recent version of camel-spring-boot-dependencies, even if it is RC.
>
> Cheers,
>
> Sebastien.
>
> *De :*Christoph John <chr...@ma...>
> *Envoyé :* mardi 26 janvier 2021 13:19
> *À :* qui...@li...; MEDARD Sebastien OBS/DD <seb...@or...>
> *Objet :* Re: [Quickfixj-users] Problem with SSL and JdK 11
>
> Hi,
>
> did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3.
> Apart from that, you mentioned that you are using QFJ 2.1.0 but the log output shows 
> mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 which also contained some SSL-related fixes.
>
> Cheers,
> Chris.
>
>
> On 26.01.21 12:42, seb...@or... <mailto:seb...@or...> wrote:
>
>     QuickFIX/J Documentation:http://www.quickfixj.org/documentation/  <http://www.quickfixj.org/documentation/>
>
>     QuickFIX/J Support:http://www.quickfixj.org/support/  <http://www.quickfixj.org/support/>
>
>
>
>     Hi,
>
>     I come back with the problem of SSL error with QuickfixJ and Jdk11.
>
>     I put apache.mina in debug too, I try to change the cipher suites with a stronger one which is
>     present in jdk11, I try to use another Jdk11 docker image, I try to use a jdk14 docker image.
>
>     But I’m still have the error :
>
>     DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter
>     SslFilter to the chain
>
>     DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no
>     sslEngine) Initializing the SSL Handler
>
>     DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no
>     sslEngine) SSL Handler Initialization done
>
>     DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Session
>     Server[1](ssl...) : Starting the first handshake
>
>     2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler :
>     Session Server[1](ssl...) processing the NEED_UNWRAP state
>
>     INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created:
>     local=/172.18.8.62:1085, class org.apache.mina.transport.socket.nio.NioSocketSession,
>     remote=/172.18.0.152:35990
>     javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 GMT|SSLEngineImpl.java:752|Closing
>     outbound of SSLEngine
>     javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156
>     GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
>
>     ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket
>     (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper close state: Status = OK
>     HandshakeStatus = NEED_WRAP
>     bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>
>     javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
>     bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>     at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502)
>     ~[mina-core-2.0.17.jar!/:na]
>     at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768)
>     ~[mina-core-2.0.17.jar!/:na]
>     at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702)
>     ~[mina-core-2.0.17.jar!/:na]
>
>
>     …
>     javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 GMT|SSLEngineImpl.java:724|Closing
>     inbound of SSLEngine
>     javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163
>     GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's
>     close_notify (
>     "throwable" : {
>     javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>
>     DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception
>     from SSLEngine.closeInbound().
>     javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
>     at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]
>
>     javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164
>     GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
>
>     I get this error even if no client try to connect on my module.
>
>     If someone have suggestions or ideas on this problem, I’m interested.
>
>     Best regards,
>
>     Sebastien.
>
>     _________________________________________________________________________________________________________________________
>
>     Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>
>     pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>
>     a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>
>     Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
>     This message and its attachments may contain confidential or privileged information that may be protected by law;
>
>     they should not be distributed, used or copied without authorisation.
>
>     If you have received this email in error, please notify the sender and delete this message and its attachments.
>
>     As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>
>     Thank you.
>
>
>
>
>     _______________________________________________
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi,

Thank for your answer.
I use the dependency camel-spring-boot-dependencies:2.24.3 : https://mvnrepository.com/artifact/org.apache.camel/camel-spring-boot-dependencies/2.24.3
It comes with camel-quickfix-2.24.3. QuickfixJ version in this dependency is 2.1.0.
But you are right, this dependency come with mina.core-2.0.17 too.
It seem to take place of the mina-core-2.0.19 dependency included to quickfixJ-2.1.0.

I tried last week to update to the last stable version of camel-spring-boot-dependencies : 2.25.3, but it comes again with mina-core-2.0.17.
I will try to update to a more recent version of camel-spring-boot-dependencies, even if it is RC.

Cheers,
Sebastien.


De : Christoph John <chr...@ma...>
Envoyé : mardi 26 janvier 2021 13:19
À : qui...@li...; MEDARD Sebastien OBS/DD <seb...@or...>
Objet : Re: [Quickfixj-users] Problem with SSL and JdK 11

Hi,

did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3.
Apart from that, you mentioned that you are using QFJ 2.1.0 but the log output shows mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 which also contained some SSL-related fixes.

Cheers,
Chris.


On 26.01.21 12:42, seb...@or...<mailto:seb...@or...> wrote:

QuickFIX/J Documentation: http://www.quickfixj.org/documentation/

QuickFIX/J Support: http://www.quickfixj.org/support/






Hi,

I come back with the problem of SSL error with QuickfixJ and Jdk11.

I put apache.mina in debug too, I try to change the cipher suites with a stronger one which is present in jdk11, I try to use another Jdk11 docker image, I try to use a jdk14 docker image.
But I'm still have the error :

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter SslFilter to the chain
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) Initializing the SSL Handler
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) SSL Handler Initialization done
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) : Starting the first handshake
2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](ssl...) processing the NEED_UNWRAP state
INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.8.62:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.152:35990
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702) ~[mina-core-2.0.17.jar!/:na]

...
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163 GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]

javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data

I get this error even if no client try to connect on my module.
If someone have suggestions or ideas on this problem, I'm interested.
Best regards,
Sebastien.

_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.




_______________________________________________


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Christoph J. <chr...@ma...>]

Hi,

did you try a newer QFJ version? QFJ 2.2.0 contains MINA 2.1.3.
Apart from that, you mentioned that you are using QFJ 2.1.0 but the log output shows 
mina-core-2.0.17. QFJ 2.1.0 contains MINA 2.0.19 which also contained some SSL-related fixes.

Cheers,
Chris.



On 26.01.21 12:42, seb...@or... wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hi,
>
> I come back with the problem of SSL error with QuickfixJ and Jdk11.
>
> I put apache.mina in debug too, I try to change the cipher suites with a stronger one which is 
> present in jdk11, I try to use another Jdk11 docker image, I try to use a jdk14 docker image.
>
> But I’m still have the error :
>
> DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter 
> SslFilter to the chain
>
> DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no 
> sslEngine) Initializing the SSL Handler
>
> DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no 
> sslEngine) SSL Handler Initialization done
>
> DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) : 
> Starting the first handshake
>
> 2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : 
> Session Server[1](ssl...) processing the NEED_UNWRAP state
>
> INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: 
> local=/172.18.8.62:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, 
> remote=/172.18.0.152:35990
> javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 GMT|SSLEngineImpl.java:752|Closing 
> outbound of SSLEngine
> javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156 
> GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
>
> ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:35990): 
> javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>
> javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
> at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) 
> ~[mina-core-2.0.17.jar!/:na]
> at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) 
> ~[mina-core-2.0.17.jar!/:na]
> at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702) ~[mina-core-2.0.17.jar!/:na]
>
>
> …
> javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 GMT|SSLEngineImpl.java:724|Closing 
> inbound of SSLEngine
> javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163 GMT|TransportContext.java:341|Fatal 
> (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
> "throwable" : {
> javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>
> DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from 
> SSLEngine.closeInbound().
> javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
> at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]
>
> javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164 
> GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
>
> I get this error even if no client try to connect on my module.
>
> If someone have suggestions or ideas on this problem, I’m interested.
>
> Best regards,
>
> Sebastien.
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
> _______________________________________________

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi,

I come back with the problem of SSL error with QuickfixJ and Jdk11.

I put apache.mina in debug too, I try to change the cipher suites with a stronger one which is present in jdk11, I try to use another Jdk11 docker image, I try to use a jdk14 docker image.
But I'm still have the error :

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Adding the SSL Filter SslFilter to the chain
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) Initializing the SSL Handler
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](no sslEngine) SSL Handler Initialization done
DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslFilter : Session Server[1](ssl...) : Starting the first handshake
2021-01-26 09:16:02.152 DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Session Server[1](ssl...) processing the NEED_UNWRAP state
INFO 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : MINA session created: local=/172.18.8.62:1085, class org.apache.mina.transport.socket.nio.NioSocketSession, remote=/172.18.0.152:35990
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.154 GMT|SSLEngineImpl.java:752|Closing outbound of SSLEngine
javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.156 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data
ERROR 10 --- [ NioProcessor-2] q.mina.acceptor.AcceptorIoHandler : Socket (/172.18.0.152:35990): javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:702) ~[mina-core-2.0.17.jar!/:na]

...
javax.net.ssl|ALL|3C|NioProcessor-2|2021-01-26 09:16:02.162 GMT|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|3C|NioProcessor-2|2021-01-26 09:16:02.163 GMT|TransportContext.java:341|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)

DEBUG 10 --- [ NioProcessor-2] org.apache.mina.filter.ssl.SslHandler : Unexpected exception from SSLEngine.closeInbound().
javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:na]

javax.net.ssl|WARNING|3C|NioProcessor-2|2021-01-26 09:16:02.164 GMT|SSLEngineOutputRecord.java:168|outbound has closed, ignore outbound application data

I get this error even if no client try to connect on my module.
If someone have suggestions or ideas on this problem, I'm interested.
Best regards,
Sebastien.

_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] QuickFIx/n FileStorePath

[Colin D. <co...@ma...>]

This is the QuickFIX/J list, not QuickFix/n. However, you may be able to 
use the JdbcStore, if such a thing exists in QuickFix/n.

On 1/25/21 9:18 AM, ZEESHAN.ALI--- via Quickfixj-users wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hi Team,
>
> We have acceptor service written over QuickFIx/n. We use FileStorePath 
> to store session details.
>
> On many occasions those file were NOT accessible or deleted due to 
> some back ground service like Antivirus  scans. This has created major 
> issue when session reset at the same time and create sticky session. 
> Is there way I can use database to store sequence or session details 
> currently being used over file format. Please help me with code change 
> as well.
>
> Regards
>
> Zeeshan Ali
>
>
> This communication and any attachments are confidential and intended 
> solely for the addressee. If you are not the intended recipient please 
> advise us immediately and delete it. Unless specifically stated in the 
> message or otherwise indicated, you may not duplicate, redistribute or 
> forward this message and any attachments are not intended for 
> distribution to, or use by any person or entity in any jurisdiction or 
> country where such distribution or use would be contrary to local law 
> or regulation. NatWest Markets Plc, NatWest Markets N.V., NatWest 
> Markets Securities Japan Limited and/or NatWest Markets Securities 
> Inc. (collectively "NatWest Markets") accepts no responsibility for 
> any changes made to this message after it was sent.
> This communication, where prepared by the sales and trading desk or 
> desk strategists, may be marketing material, desk strategy and/or 
> trader commentary. It is not a product of the research department. 
> This material may constitute an invitation to consider entering into a 
> derivatives transaction under U.S. CFTC Regulations sections 1.71 and 
> 23.605, where applicable, but is not a binding offer to buy/sell any 
> financial instrument. The views of the author may differ from others 
> at NatWest Markets.
> Unless otherwise specifically indicated, the contents of this 
> communication and its attachments are for information purposes only 
> and should not be regarded as an offer or solicitation to buy or sell 
> a product or service, confirmation of any transaction, a valuation, 
> indicative price or an official statement. Trading desks may have a 
> position or interest that is inconsistent with any views expressed in 
> this message. In evaluating the information contained in this message, 
> you should know that it could have been previously provided to other 
> clients and/or internal NatWest Markets personnel, who could have 
> already acted on it.
> NatWest Markets cannot provide absolute assurances that all electronic 
> communications (sent or received) are secure, error free, not 
> corrupted, incomplete or virus free and/or that they will not be lost, 
> mis-delivered, destroyed, delayed or intercepted/decrypted by others. 
> Therefore NatWest Markets disclaims all liability with regards to 
> electronic communications (and the contents therein) if they are 
> corrupted, lost destroyed, delayed, incomplete, mis-delivered, 
> intercepted, decrypted or otherwise misappropriated by others.
> Any electronic communication that is conducted within or through 
> NatWest Markets systems will be subject to being archived, monitored 
> and produced to regulators and in litigation in accordance with 
> NatWest Markets’ policy and local laws, rules and regulations. Unless 
> expressly prohibited by local law, electronic communications may be 
> archived in countries other than the country in which you are located, 
> and may be treated in accordance with the laws and regulations of the 
> country of each individual included in the entire chain.
> Copyright © NatWest Markets Plc. All rights reserved. See 
> https://www.nwm.com/disclaimer for further risk disclosure (the agency 
> arrangements referred to in the further risk disclosure between 
> NatWest Markets Plc and NatWest Markets N.V. are not applicable to 
> branches of NatWest Markets N.V.).
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
888.868.4884
https://www.marketcetera.com

[Quickfixj-users] QuickFIx/n FileStorePath

[<ZEE...@na...>]

Hi Team,

We have acceptor service written over QuickFIx/n. We use FileStorePath to store session details.
On many occasions those file were NOT accessible or deleted due to some back ground service like Antivirus  scans. This has created major issue when session reset at the same time and create sticky session. Is there way I can use database to store sequence or session details currently being used over file format. Please help me with code change as well.

Regards
Zeeshan Ali



This communication and any attachments are confidential and intended solely for the addressee. If you are not the intended recipient please advise us immediately and delete it. Unless specifically stated in the message or otherwise indicated, you may not duplicate, redistribute or forward this message and any attachments are not intended for distribution to, or use by any person or entity in any jurisdiction or country where such distribution or use would be contrary to local law or regulation. NatWest Markets Plc, NatWest Markets N.V., NatWest Markets Securities Japan Limited and/or NatWest Markets Securities Inc. (collectively "NatWest Markets") accepts no responsibility for any changes made to this message after it was sent.

This communication, where prepared by the sales and trading desk or desk strategists, may be marketing material, desk strategy and/or trader commentary. It is not a product of the research department. This material may constitute an invitation to consider entering into a derivatives transaction under U.S. CFTC Regulations sections 1.71 and 23.605, where applicable, but is not a binding offer to buy/sell any financial instrument. The views of the author may differ from others at NatWest Markets.

Unless otherwise specifically indicated, the contents of this communication and its attachments are for information purposes only and should not be regarded as an offer or solicitation to buy or sell a product or service, confirmation of any transaction, a valuation, indicative price or an official statement. Trading desks may have a position or interest that is inconsistent with any views expressed in this message. In evaluating the information contained in this message, you should know that it could have been previously provided to other clients and/or internal NatWest Markets personnel, who could have already acted on it.

NatWest Markets cannot provide absolute assurances that all electronic communications (sent or received) are secure, error free, not corrupted, incomplete or virus free and/or that they will not be lost, mis-delivered, destroyed, delayed or intercepted/decrypted by others. Therefore NatWest Markets disclaims all liability with regards to electronic communications (and the contents therein) if they are corrupted, lost destroyed, delayed, incomplete, mis-delivered, intercepted, decrypted or otherwise misappropriated by others.

Any electronic communication that is conducted within or through NatWest Markets systems will be subject to being archived, monitored and produced to regulators and in litigation in accordance with NatWest Markets’ policy and local laws, rules and regulations. Unless expressly prohibited by local law, electronic communications may be archived in countries other than the country in which you are located, and may be treated in accordance with the laws and regulations of the country of each individual included in the entire chain.

Copyright © NatWest Markets Plc. All rights reserved. See https://www.nwm.com/disclaimer for further risk disclosure (the agency arrangements referred to in the further risk disclosure between NatWest Markets Plc and NatWest Markets N.V. are not applicable to branches of NatWest Markets N.V.).

Re: [Quickfixj-users] QuickFixJ received the FXSWAP message(167=FXSWAP) from Bloomberg, then sent the different message to our client application.

[Christoph J. <chr...@ma...>]

Hi Jianhe,

if that InstrumentLeg component is part of a repeating group, then yes, that is the problem. Field 
order in FIX messages is not important except in repeating groups.

You can read about it here: 
https://www.fixtrading.org/standards/tagvalue-online/#field-sequence-within-a-repeating-group
"Fields within repeating groups must be specified in the order that the fields are specified in the 
message definition."

Feel free to forward that information to Bloomberg. ;) The more people report such problems the better.

Until Bloomberg corrects this you could use the setting ValidateUnorderedGroupFields=N.

Cheers,
Chris.


On 22.01.21 09:59, JianHe Liao wrote:
>
> Hi Chris,
>
> The field order in message:
>
> 600=EUR/GBP
>
> 1788=1
>
> 602=EUR/GBP
>
> The field order in DataDictionary:
>
> <field name="LegSymbol" required="N"/>
>
> <field name="LegSecurityID" required="N"/>
>
> <field name="LegID" required="N"/>
>
> Is it the reason why "Out of order repeating group members, field=602" ?
>
> Many thanks for your help !!!
>
> Jianhe
>
>

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald

Re: [Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hi,

Thanks for your answers, I will check today the version of the jdk and the cipher suites used.
If the problem stay, I will try to have more information about the error.

Cheers,
Sebastien.

De : Christoph John <chr...@ma...>
Envoyé : vendredi 22 janvier 2021 00:08
À : qui...@li...; MEDARD Sebastien OBS/DD <seb...@or...>
Objet : Re: [Quickfixj-users] Problem with SSL and JdK 11

Hi,

are you sure that enabled SSL debug logging does not provide more information? Usually it should at least log the supported and ignored ciphers on startup.
Are you using the most recent OpenJDK11?
What output does the following command print? Is your cipher included?
$JAVA_HOME/bin/jrunscript -e "java.util.Arrays.asList(javax.net.ssl.SSLContext.getDefault().getSocketFactory().getSupportedCipherSuites()).forEach(println)"

Cheers,
Chris.

On 21.01.21 16:15, seb...@or...<mailto:seb...@or...> wrote:

QuickFIX/J Documentation: http://www.quickfixj.org/documentation/

QuickFIX/J Support: http://www.quickfixj.org/support/






Hello everyone,

I meet some SSL problem with my Java application using QuickFixJ and SSL activate.

Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0. Here was the configuration :

SocketUseSSL : "Y"
CipherSuites :  "TLS_RSA_WITH_AES_128_CBC_SHA"
EnabledProtocols : "TLSv1.2"
SocketKeyStore : path to keystore
SocketKeyStorePassword :  *****
SocketTrustStore : path to truststore
SocketTrustStorePassword :  *****
NeedClientAuth :  "Y"


Then we work on migration of the code, from java 8 to java 11. We keep the same SSL configuration of Quickfix J, we keep the same version (2.1.0).
Now we have error with the SSL part :

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
                at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
                at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
......
javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
  javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
               at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
               at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
               at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)

With java.net.SSL in debug, I don't have more information about the problem.

The truststore and the keystore are the same, and they are find by Quickfick J (If I configure a bad path for the keystore, I get an error message in the log about it)

I try some configurations in order to slove the problem, as adding this parameter to the JVM :
-Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2"  -Djdk.tls.acknowledgeCloseNotify=true

But I get the same error.
I tried with the last version of QuickFixJ, but I still have the problem.

Do someone already have this issue or have an idea to slove it ?

Best regards,
Sebastien.


[Logo                  Orange Business Services]<http://www.orange-business.com/fr>

Sebastien Medard
ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI

seb...@or...<mailto:seb...@or...>

Tel Mobile : 06 07 02 09 71


_________________________________________________________________________________________________________________________



Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc

pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler

a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,

Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.



This message and its attachments may contain confidential or privileged information that may be protected by law;

they should not be distributed, used or copied without authorisation.

If you have received this email in error, please notify the sender and delete this message and its attachments.

As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.

Thank you.




_______________________________________________

Quickfixj-users mailing list

Qui...@li...<mailto:Qui...@li...>

https://lists.sourceforge.net/lists/listinfo/quickfixj-users



--

Christoph John

Software Engineering

T +49 241 557080-28

chr...@ma...<mailto:chr...@ma...>



MACD GmbH

Oppenhoffallee 103

52066 Aachen, Germany

www.macd.com<http://www.macd.com>



Amtsgericht Aachen: HRB 8151

Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald



_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Christoph J. <chr...@ma...>]

Hi,

are you sure that enabled SSL debug logging does not provide more information? Usually it should at 
least log the supported and ignored ciphers on startup.
Are you using the most recent OpenJDK11?
What output does the following command print? Is your cipher included?
$JAVA_HOME/bin/jrunscript -e 
"java.util.Arrays.asList(javax.net.ssl.SSLContext.getDefault().getSocketFactory().getSupportedCipherSuites()).forEach(println)"

Cheers,
Chris.


On 21.01.21 16:15, seb...@or... wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Hello everyone,
>
> I meet some SSL problem with my Java application using QuickFixJ and SSL activate.
>
> Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0. Here was the configuration :
>
> /SocketUseSSL : "Y"/
>
> /CipherSuites :  "TLS_RSA_WITH_AES_128_CBC_SHA"/
>
> /EnabledProtocols : "TLSv1.2"/
>
> /SocketKeyStore : path to keystore/
>
> /SocketKeyStorePassword :  *****/
>
> /SocketTrustStore : path to truststore/
>
> /SocketTrustStorePassword :  *****/
>
> /NeedClientAuth :  "Y"/
>
> Then we work on migration of the code, from java 8 to java 11. We keep the same SSL configuration 
> of Quickfix J, we keep the same version (2.1.0).
>
> Now we have error with the SSL part :
>
> /javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP/
>
> /bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0/
>
> /at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) 
> ~[mina-core-2.0.17.jar!/:na]/
>
> /at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) 
> ~[mina-core-2.0.17.jar!/:na]/
>
> /……/
>
> /javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 UTC|SSLEngineImpl.java:724|Closing 
> inbound of SSLEngine/
>
> /javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 UTC|TransportContext.java:342|Fatal 
> (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (/
>
> /"throwable" : {/
>
> /javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify/
>
> /             at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)/
>
> /             at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)/
>
> /             at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)/
>
> With java.net.SSL in debug, I don’t have more information about the problem.
>
> The truststore and the keystore are the same, and they are find by Quickfick J (If I configure a 
> bad path for the keystore, I get an error message in the log about it)
>
> I try some configurations in order to slove the problem, as adding this parameter to the JVM :
>
> -Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2" 
> -Djdk.tls.acknowledgeCloseNotify=true
>
> But I get the same error.
>
> I tried with the last version of QuickFixJ, but I still have the problem.
>
> Do someone already have this issue or have an idea to slove it ?
>
> Best regards,
>
> Sebastien.
>
> Logo Orange Business Services <http://www.orange-business.com/fr>
>
> *Sebastien Medard *
> ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI
>
> seb...@or... <mailto:seb...@or...>
>
> Tel Mobile : 06 07 02 09 71
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Ajay P. <ap...@en...>]

We have had this problem before when the certificates used by sessions are
owned by the counterparties(and not us) and JDK/JRE upgrade on our
side deprecates the cipher used.
We have gotten around it by supplying a modified java security policy file
more in line with the older jdk for that session until we can move the
counterparty to a newer certificate. It depends on what JDK you are using
but this link has an example.
https://dzone.com/articles/how-override-java-security

Cheers
Ajay



On Thu, Jan 21, 2021 at 10:36 AM Colin DuPlantis <co...@ma...>
wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J <http://www.quickfixj.org/documentation/QuickFIX/J> Support:
> http://www.quickfixj.org/support/
>
>
> I haven't seen this specific problem, but I have seen differences between,
> say Oracle's version of JDK and OpenJdk's with SSL, even for the same
> version. The cipher suites supported don't always seem to be identical.
>
> You could try different versions of the JDK and different distributions.
> On 1/21/21 7:46 AM, Philip Whitehouse wrote:
>
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Seems the same as https://bugs.mysql.com/bug.php?id=93590
>
> Best,
>
> Philip Whitehouse
>
> On 21 Jan 2021, at 15:34, seb...@or... wrote:
>
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hello everyone,
>
>
>
> I meet some SSL problem with my Java application using QuickFixJ and SSL
> activate.
>
>
>
> Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0.
> Here was the configuration :
>
>
>
> *SocketUseSSL : "Y"*
>
> *CipherSuites :  "TLS_RSA_WITH_AES_128_CBC_SHA"*
>
> *EnabledProtocols : "TLSv1.2"*
>
> *SocketKeyStore : path to keystore*
>
> *SocketKeyStorePassword :  ******
>
> *SocketTrustStore : path to truststore*
>
> *SocketTrustStorePassword :  ******
>
> *NeedClientAuth :  "Y"*
>
>
>
>
>
> Then we work on migration of the code, from java 8 to java 11. We keep the
> same SSL configuration of Quickfix J, we keep the same version (2.1.0).
>
> Now we have error with the SSL part :
>
>
>
> *javax.net.ssl.SSLException: Improper close state: Status = OK
> HandshakeStatus = NEED_WRAP*
>
> *bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0*
>
> *                at
> org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502)
> ~[mina-core-2.0.17.jar!/:na]*
>
> *                at
> org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768)
> ~[mina-core-2.0.17.jar!/:na]*
>
> *……*
>
> *javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961
> UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine*
>
> *javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962
> UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound
> before receiving peer's close_notify (*
>
> *"throwable" : {*
>
> *  javax.net.ssl.SSLException: closing inbound before receiving peer's
> close_notify*
>
> *               at
> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)*
>
> *               at
> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)*
>
> *               at
> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)*
>
>
>
> With java.net.SSL in debug, I don’t have more information about the
> problem.
>
>
>
> The truststore and the keystore are the same, and they are find by
> Quickfick J (If I configure a bad path for the keystore, I get an error
> message in the log about it)
>
>
>
> I try some configurations in order to slove the problem, as adding this
> parameter to the JVM :
>
> -Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2"
> -Djdk.tls.acknowledgeCloseNotify=true
>
>
>
> But I get the same error.
>
> I tried with the last version of QuickFixJ, but I still have the problem.
>
>
>
> Do someone already have this issue or have an idea to slove it ?
>
>
>
> Best regards,
>
> Sebastien.
>
>
>
>
>
> <http://www.orange-business.com/fr>
> <image001.png> <http://www.orange-business.com/fr>
>
>
>
> *Sebastien Medard *
> ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI
>
>
>
> seb...@or...
>
>
>
> Tel Mobile : 06 07 02 09 71
>
>
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
>
>
> _______________________________________________
> Quickfixj-users mailing lis...@li...://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
> --
> Colin DuPlantis
> Chief Architect, Marketcetera
> Download, Run, Trade
> 888.868.4884https://www.marketcetera.com
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>

-- 
 
<https://www.linkedin.com/uas/login?session_redirect=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fenfusion-systems-llc%2Fmycompany> 
 <https://twitter.com/enfusion>
Follow us for more unique Enfusion insights 
like this: _Adapting to an accelerated pace of change in 2021_ 
<https://www.linkedin.com/feed/update/urn:li:activity:6746820573227167744>

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Colin D. <co...@ma...>]

I haven't seen this specific problem, but I have seen differences 
between, say Oracle's version of JDK and OpenJdk's with SSL, even for 
the same version. The cipher suites supported don't always seem to be 
identical.

You could try different versions of the JDK and different distributions.

On 1/21/21 7:46 AM, Philip Whitehouse wrote:
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
> Seems the same as https://bugs.mysql.com/bug.php?id=93590
>
> Best,
>
> Philip Whitehouse
>
>> On 21 Jan 2021, at 15:34, seb...@or... wrote:
>>
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>> Hello everyone,
>>
>> I meet some SSL problem with my Java application using QuickFixJ and 
>> SSL activate.
>>
>> Months ago, the application was on openJdk8, and used QuickfixJ 
>> 2.1.0. Here was the configuration :
>>
>> /SocketUseSSL : "Y"/
>>
>> /CipherSuites :  "TLS_RSA_WITH_AES_128_CBC_SHA"/
>>
>> /EnabledProtocols : "TLSv1.2"/
>>
>> /SocketKeyStore : path to keystore/
>>
>> /SocketKeyStorePassword :  *****/
>>
>> /SocketTrustStore : path to truststore/
>>
>> /SocketTrustStorePassword :  *****/
>>
>> /NeedClientAuth :  "Y"/
>>
>> Then we work on migration of the code, from java 8 to java 11. We 
>> keep the same SSL configuration of Quickfix J, we keep the same 
>> version (2.1.0).
>>
>> Now we have error with the SSL part :
>>
>> /javax.net.ssl.SSLException: Improper close state: Status = OK 
>> HandshakeStatus = NEED_WRAP/
>>
>> /bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0/
>>
>> /at 
>> org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) 
>> ~[mina-core-2.0.17.jar!/:na]/
>>
>> /at 
>> org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) 
>> ~[mina-core-2.0.17.jar!/:na]/
>>
>> /……/
>>
>> /javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 
>> UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine/
>>
>> /javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 
>> UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound 
>> before receiving peer's close_notify (/
>>
>> /"throwable" : {/
>>
>> /javax.net.ssl.SSLException: closing inbound before receiving peer's 
>> close_notify/
>>
>> /             at 
>> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)/
>>
>> /             at 
>> java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)/
>>
>> /             at 
>> java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)/
>>
>> With java.net.SSL in debug, I don’t have more information about the 
>> problem.
>>
>> The truststore and the keystore are the same, and they are find by 
>> Quickfick J (If I configure a bad path for the keystore, I get an 
>> error message in the log about it)
>>
>> I try some configurations in order to slove the problem, as adding 
>> this parameter to the JVM :
>>
>> -Djdk.tls.client.protocols="TLSv1.2" 
>> -Djdk.tls.server.protocols="TLSv1.2" 
>> -Djdk.tls.acknowledgeCloseNotify=true
>>
>> But I get the same error.
>>
>> I tried with the last version of QuickFixJ, but I still have the problem.
>>
>> Do someone already have this issue or have an idea to slove it ?
>>
>> Best regards,
>>
>> Sebastien.
>>
>> <http://www.orange-business.com/fr>
>>
>> <image001.png> <http://www.orange-business.com/fr>
>>
>> *Sebastien Medard *
>> ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI
>>
>> seb...@or... <mailto:seb...@or...>
>>
>> Tel Mobile : 06 07 02 09 71
>>
>> _________________________________________________________________________________________________________________________
>>
>> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
>> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
>> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
>> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>>
>> This message and its attachments may contain confidential or privileged information that may be protected by law;
>> they should not be distributed, used or copied without authorisation.
>> If you have received this email in error, please notify the sender and delete this message and its attachments.
>> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>> Thank you.
>> _______________________________________________
>> Quickfixj-users mailing list
>> Qui...@li...
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
>
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

-- 
Colin DuPlantis
Chief Architect, Marketcetera
Download, Run, Trade
888.868.4884
https://www.marketcetera.com

Re: [Quickfixj-users] Problem with SSL and JdK 11

[Philip W. <ph...@wh...>]

Seems the same as https://bugs.mysql.com/bug.php?id=93590

Best,

Philip Whitehouse

> On 21 Jan 2021, at 15:34, seb...@or... wrote:
> 
> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
> 
> 
> Hello everyone,
>  
> I meet some SSL problem with my Java application using QuickFixJ and SSL activate.
>  
> Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0. Here was the configuration :
>  
> SocketUseSSL : "Y"
> CipherSuites :  "TLS_RSA_WITH_AES_128_CBC_SHA"
> EnabledProtocols : "TLSv1.2"
> SocketKeyStore : path to keystore
> SocketKeyStorePassword :  *****
> SocketTrustStore : path to truststore
> SocketTrustStorePassword :  *****
> NeedClientAuth :  "Y"
>  
>  
> Then we work on migration of the code, from java 8 to java 11. We keep the same SSL configuration of Quickfix J, we keep the same version (2.1.0).
> Now we have error with the SSL part :
>  
> javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
>                 at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
>                 at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
> ……
> javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine
> javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
> "throwable" : {
>   javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
>                at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
>                at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
>                at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)
>  
> With java.net.SSL in debug, I don’t have more information about the problem.
>  
> The truststore and the keystore are the same, and they are find by Quickfick J (If I configure a bad path for the keystore, I get an error message in the log about it)
>  
> I try some configurations in order to slove the problem, as adding this parameter to the JVM :
> -Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2"  -Djdk.tls.acknowledgeCloseNotify=true
>  
> But I get the same error.
> I tried with the last version of QuickFixJ, but I still have the problem.
>  
> Do someone already have this issue or have an idea to slove it ?
>  
> Best regards,
> Sebastien.
>  
>  
> <image001.png>
>  
> Sebastien Medard 
> ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI
>  
> seb...@or...
>  
> Tel Mobile : 06 07 02 09 71
>  
> _________________________________________________________________________________________________________________________
> 
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> 
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
> _______________________________________________
> Quickfixj-users mailing list
> Qui...@li...
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

[Quickfixj-users] Problem with SSL and JdK 11

[<seb...@or...>]

Hello everyone,

I meet some SSL problem with my Java application using QuickFixJ and SSL activate.

Months ago, the application was on openJdk8, and used QuickfixJ 2.1.0. Here was the configuration :

SocketUseSSL : "Y"
CipherSuites :  "TLS_RSA_WITH_AES_128_CBC_SHA"
EnabledProtocols : "TLSv1.2"
SocketKeyStore : path to keystore
SocketKeyStorePassword :  *****
SocketTrustStore : path to truststore
SocketTrustStorePassword :  *****
NeedClientAuth :  "Y"


Then we work on migration of the code, from java 8 to java 11. We keep the same SSL configuration of Quickfix J, we keep the same version (2.1.0).
Now we have error with the SSL part :

javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 0
                at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:502) ~[mina-core-2.0.17.jar!/:na]
                at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:768) ~[mina-core-2.0.17.jar!/:na]
......
javax.net.ssl|ALL|36|NioProcessor-2|2021-01-17 20:53:25.961 UTC|SSLEngineImpl.java:724|Closing inbound of SSLEngine
javax.net.ssl|ERROR|36|NioProcessor-2|2021-01-17 20:53:25.962 UTC|TransportContext.java:342|Fatal (INTERNAL_ERROR): closing inbound before receiving peer's close_notify (
"throwable" : {
  javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify
               at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
               at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
               at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:337)

With java.net.SSL in debug, I don't have more information about the problem.

The truststore and the keystore are the same, and they are find by Quickfick J (If I configure a bad path for the keystore, I get an error message in the log about it)

I try some configurations in order to slove the problem, as adding this parameter to the JVM :
-Djdk.tls.client.protocols="TLSv1.2" -Djdk.tls.server.protocols="TLSv1.2"  -Djdk.tls.acknowledgeCloseNotify=true

But I get the same error.
I tried with the last version of QuickFixJ, but I still have the problem.

Do someone already have this issue or have an idea to slove it ?

Best regards,
Sebastien.


[Logo Orange Business Services]<http://www.orange-business.com/fr>

Sebastien Medard
ORANGE/OBS/SCE/DD SUBS/NEWOAB/DPS/PS/ATSI

seb...@or...<mailto:seb...@or...>

Tel Mobile : 06 07 02 09 71


_________________________________________________________________________________________________________________________

Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

Re: [Quickfixj-users] QuickFixJ received the FXSWAP message(167=FXSWAP) from Bloomberg, then sent the different message to our client application.

[Christoph J. <chr...@ma...>]

Hi

you need to check the repeating groups in the message. The order of tags in the received message's repeating groups has to be the same as in the dictionary. This obviously isn't the case otherwise you wouldn't see that error message. 

Cheers,
Chris. 

Am 21. Januar 2021 05:01:54 MEZ schrieb JianHe Liao <jia...@me...>:
>Hi Chris,
>
>The Bloomberg emailed us MAP_v1.8_QuickFIX.xml as DataDictionary.
>We did the test again and QuickFixJ rejected this FXSWAP fix message.
>The FIX message and error message in the log file:
>
><20210120-01:28:55, FIX.4.4:MAP_BOT_UAT->MAP_BLP_UAT, incoming>
>(8=FIX.4.4|9=1172|35=8|49=MAP_BLP_UAT|56=MAP_BOT_UAT|34=92|144=FX|52=20210120-01:28:55|30=XOFF|60=20210120-01:28:54.204|120=GBP|150=F|31=0.88985|151=0|32=1000000|64=20210122|6=0.88985|1056=889850|37=3-2-806707596T-0-0|1057=Y|38=1000000|218=0|39=2|40=G|460=4|1300=XOFF|1390=0|11=3-2-806707596T-0-0|14=1000000|194=0.88985|854=0|15=EUR|75=20210120|195=0.000473|17=3-2-806707596T-0-0|167=FXSWAP|797=Y|22277=0|22280=0|54=B|55=EUR/GBP|119=889850|555=2|600=EUR/GBP|1788=1|602=EUR/GBP|603=6|607=4|609=FXSPOT|624=2|556=EUR|687=1000000|654=1|587=0|588=20210122|637=0.88985|1073=0|1074=889850|600=EUR/GBP|1788=2|602=EUR/GBP|603=6|607=4|609=FXFWD|624=1|556=EUR|687=1000000|654=2|587=6|588=20210222|637=0.890323|1073=0.000473|1074=890323|10009=1|10010=BGDM
>Nts|22486=0|22078=2|22079=1.2138|22080=20|22081=12|22079=1.3639|22080=20|22081=12|453=4|448=BTTF|447=D|452=13|802=3|523=BANK
>OF TAIWAN|803=1|523=30025010|803=2|523=KOYAO
>TSENG|803=9|448=BGDM|447=D|452=1|802=3|523=TEST BLOOMBERG
>DEMO|803=1|523=1638065|803=2|523=FXGO PRQA/CHRISTIAN
>L|803=9|448=PRODUCT TYPE|447=D|452=16|802=1|523=Dealing
>(RFQ)|803=4|448=30025010|447=D|452=11|768=2|769=20210120-01:28:54.204|770=1|769=20210120-01:28:39.000|770=10|10=223|)
>
><20210120-01:28:55, FIX.4.4:MAP_BOT_UAT->MAP_BLP_UAT, error> (Rejecting
>invalid message: quickfix.FieldException: Out of order repeating group
>members, field=602:
>8=FIX.4.4|9=1172|35=8|49=MAP_BLP_UAT|56=MAP_BOT_UAT|34=92|144=FX|52=20210120-01:28:55|30=XOFF|60=20210120-01:28:54.204|120=GBP|150=F|31=0.88985|151=0|32=1000000|64=20210122|6=0.88985|1056=889850|37=3-2-806707596T-0-0|1057=Y|38=1000000|218=0|39=2|40=G|460=4|1300=XOFF|1390=0|11=3-2-806707596T-0-0|14=1000000|194=0.88985|854=0|15=EUR|75=20210120|195=0.000473|17=3-2-806707596T-0-0|167=FXSWAP|797=Y|22277=0|22280=0|54=B|55=EUR/GBP|119=889850|555=2|600=EUR/GBP|1788=1|602=EUR/GBP|603=6|607=4|609=FXSPOT|624=2|556=EUR|687=1000000|654=1|587=0|588=20210122|637=0.88985|1073=0|1074=889850|600=EUR/GBP|1788=2|602=EUR/GBP|603=6|607=4|609=FXFWD|624=1|556=EUR|687=1000000|654=2|587=6|588=20210222|637=0.890323|1073=0.000473|1074=890323|10009=1|10010=BGDM
>Nts|22486=0|22078=2|22079=1.2138|22080=20|22081=12|22079=1.3639|22080=20|22081=12|453=4|448=BTTF|447=D|452=13|802=3|523=BANK
>OF TAIWAN|803=1|523=30025010|803=2|523=KOYAO
>TSENG|803=9|448=BGDM|447=D|452=1|802=3|523=TEST BLOOMBERG
>DEMO|803=1|523=1638065|803=2|523=FXGO PRQA/CHRISTIAN
>L|803=9|448=PRODUCT TYPE|447=D|452=16|802=1|523=Dealing
>(RFQ)|803=4|448=30025010|447=D|452=11|768=2|769=20210120-01:28:54.204|770=1|769=20210120-01:28:39.000|770=10|10=223|)
>
><20210120-01:28:55, FIX.4.4:MAP_BOT_UAT->MAP_BLP_UAT, error> (Reject
>sent for message 92: Out of order repeating group members, field=602)
>
>
>The Bloomberg people said:
>Your vendor system is not reading the repeart group tag 602 correctly
>and causing the reject. They need to review and fix the problem.
>
>We have no idea how to find out the cause of error.
>Would you please help us?
>
>
>Best regards,
>Jianhe
>
>
>From: Christoph John <chr...@ma...>
>Sent: Monday, January 18, 2021 6:41 PM
>To: qui...@li...; JianHe Liao
><jia...@me...>
>Subject: Re: [Quickfixj-users] QuickFixJ received the FXSWAP
>message(167=FXSWAP) from Bloomberg, then sent the different message to
>our client application.
>
>Hi,
>
>additional to the point that Winfried noted: it could also be that your
>DataDictionary does not match the messages that your counterparty is
>sending.
>
>Cheers,
>Chris.
>On 18.01.21 04:51, JianHe Liao wrote:
>
>QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>
>QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
>
>
>
>Hi,
>
>The FXSWAP message received by QuickFixJ from Bloomberg is as
>following:
><20210112-04:58:00, FIX.4.4:MAP_BOT_UAT->MAP_BLP_UAT, incoming>
>(8=FIX.4.49=117935=849=MAP_BLP_UAT56=MAP_BOT_UAT34=301144=FX52=20210112-04:58:0130=XOFF60=20210112-04:58:00.353120=JPY150=F31=126.65151=032=100000064=202101146=126.651056=12665000037=3-2-806597788T-0-01057=Y38=1000000218=039=240=G460=41300=XOFF1390=011=3-2-806597788T-0-014=1000000194=126.65854=015=EUR75=20210112195=0.051917=3-2-806597788T-0-0167=FXSWAP797=Y22277=022280=054=B55=EUR/JPY119=126650000555=2600=EUR/JPY1788=1602=EUR/JPY603=6607=4609=FXSPOT624=2556=EUR687=1000000654=1587=0588=20210114637=126.651073=01074=126650000600=EUR/JPY1788=2602=EUR/JPY603=6607=4609=FXFWD624=1556=EUR687=1000000654=2587=6588=20210216637=126.70191073=0.05191074=12670190010009=110010=BGDM
>Nts22486=022078=222079=1.214222080=2022081=1222079=0.00958622080=2022081=12453=4448=BTTF447=D452=13802=3523=BANK
>OF TAIWAN803=1523=30025010803=2523=KOYAO
>TSENG803=9448=BGDM447=D452=1802=3523=TEST BLOOMBERG
>DEMO803=1523=1638065803=2523=FXGO PRQA/CHRISTIAN L803=9448=PRODUCT
>TYPE447=D452=16802=1523=Dealing
>(RFQ)803=4448=30025010447=D452=11768=2769=20210112-04:58:00.353770=1769=20210112-04:57:39.000770=1010=128)
>
>The FXSWAP message received by our client application from QuickFixJ is
>as following:
>12:58:00,720 INFO  [com.stp.quickFixJ.ClientApplication] (QFJ Message
>Processor)        message:
>8=FIX.4.49=46135=834=30149=MAP_BLP_UAT52=20210112-04:58:0156=MAP_BOT_UAT144=FX6=126.6511=3-2-806597788T-0-014=100000015=EUR17=3-2-806597788T-0-030=XOFF31=126.6532=100000037=3-2-806597788T-0-038=100000039=240=G54=B55=EUR/JPY60=20210112-04:58:00.35364=2021011475=20210112119=126650000120=JPY150=F151=0167=FXSWAP194=126.65195=0.0519218=0460=4797=Y854=01056=1266500001057=Y1300=XOFF1390=022277=022280=0555=1600=EUR/JPY602=EUR/JPY1788=110=146
>
>the same: e.g.
>52=20210112-04:58:01
>194=126.65
>
>the different: e.g.
>9=1179    9=461
>555=2     555=1
>
>Caller Hierarchy:
>fromApp(Message, SessionID) : void -
>com.stp.quickFixJ.ClientApplication
>  fromCallback(String, Message, SessionID) : void - quickfix.Session
>    verify(Message, boolean, boolean) : boolean - quickfix.Session
>
>We do not know what's wrong.
>Would you please help us?
>
>
>Best regards,
>Jianhe
>
>
>
>
>
>
>_______________________________________________
>
>Quickfixj-users mailing list
>
>Qui...@li...<mailto:Qui...@li...>
>
>https://lists.sourceforge.net/lists/listinfo/quickfixj-users
>
>
>
>--
>
>Christoph John
>
>Software Engineering
>
>T +49 241 557080-28
>
>chr...@ma...<mailto:chr...@ma...>
>
>
>
>MACD GmbH
>
>Oppenhoffallee 103
>
>52066 Aachen, Germany
>
>www.macd.com<http://www.macd.com>
>
>
>
>Amtsgericht Aachen: HRB 8151
>
>Ust.-Id: DE 813021663
>
>Geschäftsführer: George Macdonald

Re: [Quickfixj-users] "Session not found" after logout and subsequent login during the day

[Christoph J. <chr...@ma...>]

No problem. :)


On 18.01.21 14:03, Visa Holopainen wrote:
> Actually, I seem to have made a typo in the code - sorry about the confusion!
>
> Visa
>
> ma 18. tammik. 2021 klo 14.56 Christoph John <chr...@ma... 
> <mailto:chr...@ma...>> kirjoitti:
>
>     Are you able to build the current snapshot version 2.2.1 from
>     https://github.com/quickfix-j/quickfixj <https://github.com/quickfix-j/quickfixj> ?
>     There is the following PR included which should improve start/stop behaviour:
>     https://github.com/quickfix-j/quickfixj/pull/324
>     <https://github.com/quickfix-j/quickfixj/pull/324>
>
>     Please let me know if it works as expected.
>
>     Cheers,
>     Chris.
>

-- 
Christoph John
Software Engineering
T +49 241 557080-28
chr...@ma...

MACD GmbH
Oppenhoffallee 103
52066 Aachen, Germany
www.macd.com

Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663
Geschäftsführer: George Macdonald