Comments (26)
I think it would be a nice feature. QuickFIX/J has this.
from quickfixn.
it is trivial to do, thank heaven, once you are on .NET 4.0 / Visual Studio 2010 ;)
http://msdn.microsoft.com/de-de/library/system.net.security.sslstream.aspx
There is an SslStream class already ready for usage.
from quickfixn.
thanks for the link! Seems to be trivial. I have used ssl in QuickfIx/j. went thro its source code - pretty clean and neat. now in the process of using Quickfix/n to integrate with products based on .Net. Need SSL support as the FIX acceptor on the other side supports only SSL. Any plans when this will be out?
from quickfixn.
There are no plans. Would gladly accept submissions, though.
It's something we certainly should have, just no one's done it yet.
Does anyone know if this would require us to update to 4.0? I'm not opposed to it, but only if there is a good reason.
from quickfixn.
I do not think so. SSLStream class has been there since .NET 2.0
http://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.80).aspx
from quickfixn.
We have added SSL support to quickfix/n and in the process rewritten the sslconnector to use stream instead of socket. I hope to post a patch within the next month(s?).
In the meantime I am open for suggestions about what settings are requried for SSL support, below is a list of the currently implemented settings:
SSLCheckCertificateRevocation=Y
SSLValidateServerCertificate=Y
SSLCertificatePath=mycert.p12 (SSL client certificate file, if not specified SSL will be turned off)
SSLCertificatePassword=CertPassword
SSLProtocols=Default (any value of http://msdn.microsoft.com/en-us/library/system.security.authentication.sslprotocols.aspx)
SSLHostname=fix.myhost.org (the common-name of the servers certificate, if different from host-name)
from quickfixn.
@Daniel-Svensson - have you looked to see if there are any similar settings in QuickFIX/J or the original QuickFIX? We'd like to keep the config settings similar, when possible.
from quickfixn.
- quickfix does not support SSL and instead recommend that you install a ssl tunnel.
- quickfix/j only a "SocketUseSSL" and very java specific names to configure certificate and password (and it requires specific java certificate-keystore to be used)
in short, there exist no god existing names for the settings so I choose to mimic the naming convention for apache mod_ssl (with SSL prefix) togheter with keeping to standard C# naming conventions, as it makes it very easy to identify and find settings concerning SSL.
I do however wonder if anyone have come in contact with a production FIX SSL environment where client certificate are not used?
from quickfixn.
@Daniel-Svensson - thanks for looking that up. I think your naming convention is appropriate. If there is no obvious commonality with the QF or QF/j, then we'll just make it up as we go.
Sorry, I myself have not needed SSL with QF/n yet, thus I don't have much feedback to give at this time.
from quickfixn.
We use SSL a lot, so I’m quite happy to do testing on this.
Given that many users would be migrating from stunnel, it might be worth keeping close to their configuration too if possible.
E.g. rather than SSLValidateServerCertficate Y/N, stunnel has verify level (0-4)
From: Grant Birchmeier [mailto:[email protected]]
Sent: 03 January 2013 15:45
To: connamara/quickfixn
Subject: Re: [quickfixn] Built in SSL (#18)
@Daniel-Svenssonhttps://github.com/Daniel-Svensson - thanks for looking that up. I think your naming convention is appropriate. If there is no obvious commonality with the QF or QF/j, then we'll just make it up as we go.
Sorry, I myself have not needed SSL with QF/n yet, thus I don't have much feedback to give at this time.
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/18#issuecomment-11848057.
from quickfixn.
That'd be great if you guys can work this feature out. I just don't have the bandwidth, nor the knowledge at this time.
from quickfixn.
I've made an initial version with SSL support availible at https://github.com/Daniel-Svensson/quickfixn
Feel free to try it, I don't plan any major changes before I make a pull request except that I will look into making client certificate optional.
I've added a new setting "SSLCACertificatePath=caServerCert.cer" in order to allow validation of client certificates against a single CA certificate (and not all certificates in the certificate store)
@jcwild, i will stick with Y/N as it is easier to implement instead of trying tomimic stunnel's 5 levels
from quickfixn.
Just added pull request #167 which implements SSL support
Documentation is added to the quickfix configuration documentation section (of the pull request)
from quickfixn.
So is SSL available now? or do I still need to use stunnel?
from quickfixn.
@russgove, if you compile quickfixn yourself you can get ssl support if you either merge my pull request #167 or compile it directly.
If you however decide for the later I must "warn" you that it is based on quickfixn 1.4.0 beta2 and I have not merged in any later changes from quickfixn in order to keep it stable in until @gbirchmeier merges it.
from quickfixn.
Thanls Daniel, I have been trying to manually merge your changes into my local quickfix (1.4.0) but haven't gotten far. I don't know how to do a GIT merge....perhaps now is a good time to learn!
Seeing that your pull request was submitted over 7 months ago and no action has been taken, I guess there's little hope that anything will be done soon. Thats unfortunate. Are you using your SSL Mod in a production environment? I'm trying to figure out if I should 1.)try to take on your mod 2.) go with quickfix/N+stunnel 3.) quickfix/J or 4.) paid product... Any advice would be much appreciated.
from quickfixn.
Sorry for the non-activity. I've been stuck on a project for most of the
summer and I haven't made time for QF/n. I'm hoping to get on some of
these within the month.
from quickfixn.
Thanks Grant! I'm trying to figure out this GIT thing so i can put that
patch on my local instance. I'll be sure to let you guys know how it works
for me.
So I'm doing '$ git pull #167'
and that doesnt work ... how the heck to i merger that code.....
On Wed, Sep 11, 2013 at 9:46 AM, Grant Birchmeier
[email protected]:
Sorry for the non-activity. I've been stuck on a project for most of the
summer and I haven't made time for QF/n. I'm hoping to get on some of
these within the month.On Wed, Sep 11, 2013 at 7:57 AM, russellgove [email protected]:
Thanls Daniel, I have been trying to manually merge your changes into my
local quickfix (1.4.0) but haven't gotten far. I don't know how to do a
GIT
merge....perhaps now is a good time to learn!
Seeing that your pull request was submitted over 7 months ago and no
action has been taken, I guess there's little hope that anything will be
done soon. Thats unfortunate. Are you using your SSL Mod in a production
environment? I'm trying to figure out if I should 1.)try to take on your
mod 2.) go with quickfix/N+stunnel 3.) quickfix/J or 4.) paid product...
Any advice would be much appreciated.—
Reply to this email directly or view it on GitHub<
https://github.com/connamara/quickfixn/issues/18#issuecomment-24237415>
.Grant Birchmeier
Connamara Systems, LLC
Made-To-Measure Trading Solutions.
Exactly what you need. No more. No less.*
*
http://connamara.com—
Reply to this email directly or view it on GitHubhttps://github.com//issues/18#issuecomment-24240721
.
from quickfixn.
You want this:
git pull git://github.com/Daniel-Svensson/quickfixn.git master
This is the branch that the pull request is using.
from quickfixn.
Does the 1.5 release includes ssl support?
from quickfixn.
I haven't actually tried the official funal 1.5 build, but it should be included.
From: russellgove
Sent: 2014-02-24 16:01
To: connamara/quickfixn
Cc: Daniel-Svensson
Subject: Re: [quickfixn] Built in SSL (#18)
Does the 1.5 releas includes ssl support?
Reply to this email directly or view it on GitHub:
#18 (comment)
from quickfixn.
It does, at least as far as @Daniel-Svensson implemented it.
@russgove, Please let us know what you think of it. We haven't gotten much feedback on it.
from quickfixn.
Hi
Can quckfix/n work with a client certificate file with the .pem extension?
E.g. SSLCertificaste=foo.pem.
Thanks.
from quickfixn.
No, right now it only supports PKCS12.
I think we really should support pem, but no one has written it.
from quickfixn.
HI does QuickFIX/n support SSL with .pem certificates and what are the config parameters, pls point me to the doc if any.
http://quickfixn.org/tutorial/configuration.html#ssl this site does nor provide teh SSL settings
from quickfixn.
@hadagali, look one post above yours.
No, right now it only supports PKCS12.
I think we really should support pem, but no one has written it.
from quickfixn.
Related Issues (20)
- Nuget for Version 1.11 HOT 1
- HttpServer Issue with SessionID HOT 2
- DataDictionary files are missing from nuget HOT 3
- Unhelpful behaviour for unknown fields HOT 1
- deployment script redesign
- Yes, we know the mailing list is down HOT 1
- Release 1.11.0 announcement
- DDField.cs SEQNUM type is still int after 24x7 ulong implementation HOT 1
- not able to capture the return message after login and seq mismatch HOT 2
- "Acceptor heartbeat set to" log message is wrong
- In Logout session, the field=553(Username) is redundant HOT 2
- Udp protocol support HOT 1
- FIX50 IOIQty does not allow Numeric Quantity HOT 2
- Not send Missing Application messages to the receiving application as response for Resend Request HOT 2
- Unhandled Exception in SocketInitiator.OnStart() can Terminate Process HOT 8
- Enhanced CME Globex Resend Logic HOT 3
- Wrong time format for TimeStampPrecision=NANO HOT 4
- Weekdays setting implementation HOT 1
- setting "TimeStampPrecision" is not documented
- performance tests HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from quickfixn.