Secure Communications using SSL

QuickFIX/J supports secure sockets via the Apache MINA SSL I/O filter.

The default usage of SSL is very simple. Add the following setting to your QFJ settings file:

SocketUseSSL=Y

This setting must be used for both acceptors and initiators.

Specific SSL Certificates

If you need to use a specific SSL certificate, configure your session like below:

SocketUseSSL=Y
SocketKeyStore=[your key store path]
SocketKeyStorePassword=[your key store password]

Client Authentication

If certificates require authentication, additional settings must be provided:

SocketTrustStore=[your trust store path]
SocketTrustStorePassword=[your trust store password]

Acceptor certificates are always authenticated by the initiator. Authenticating client certificates on the Acceptor side requires the following setting:

NeedClientAuth=Y

Example Configurations

Acceptor configuration with client certificate authentication:

[DEFAULT]
ConnectionType=acceptor
SocketAcceptHost=localhost
SocketUseSSL=Y
CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
EnabledProtocols=TLSv1.2
SocketKeyStore=acceptor.keystore
SocketKeyStorePassword=password
NeedClientAuth=Y

[SESSION]
BeginString=FIX.4.4
SocketAcceptPort=12341
TargetCompID=ZULU1
SenderCompID=ALFA1
SocketTrustStore=acceptor1.truststore
SocketTrustStorePassword=password

Initiator configuration:

[DEFAULT]
ConnectionType=initiator
SocketConnectProtocol=SOCKET
SocketConnectHost=localhost
SocketConnectPort=12341
SocketUseSSL=Y
CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA
EnabledProtocols=TLSv1.2
SocketKeyStore=initiator1.keystore
SocketKeyStorePassword=password
SocketTrustStore=initiator1.truststore
SocketTrustStorePassword=password

[SESSION]
BeginString=FIX.4.4
TargetCompID=ALFA1
SenderCompID=ZULU1

Specific SSL Certificates​

Client Authentication​

Example Configurations​

Specific SSL Certificates

Client Authentication

Example Configurations