Quickfix/J TLS Support

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Quickfix/J TLS Support

Aykut SAY
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



I am using quickfix/j to connect to the vendor with SSL security. They usually send PEM files and converted PEM file (including keys) to JKS and it works perfect.

But vendor changed their security policy and we need to use TLS with provided PFX.
I converted PFX file to JKS but vendor informed me that they see error like "wrong version number" on their server logs.

I re-searched a bit but could not find any detailed information and I start to think that quickfix/j does not support TLS. Am I right?

Thanks,
Aykut

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Quickfix/J TLS Support

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

I never used TLS with QF/J but in my opinion it should work if correctly configured. E.g. if you
look at this test
https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java 
then there is TLSv1.2 used. So it should work if your used JDK supports the desired cipher.

Chris.




On 18/01/17 08:52, Aykut SAY wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
>
>
> I am using quickfix/j to connect to the vendor with SSL security. They usually send PEM files and
> converted PEM file (including keys) to JKS and it works perfect.
>
> But vendor changed their security policy and we need to use TLS with provided PFX.
> I converted PFX file to JKS but vendor informed me that they see error like "wrong version number"
> on their server logs.
>
> I re-searched a bit but could not find any detailed information and I start to think that
> quickfix/j does not support TLS. Am I right?
>
> Thanks,
> Aykut
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> Quickfixj-users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Quickfix/J TLS Support

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Also take a look at this
http://www.quickfixj.org/quickfixj/usermanual/1.6.3/usage/configuration.html (search for SSL).

Chris.

On 18/01/17 09:01, Christoph John wrote:

> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
> QuickFIX/J Support: http://www.quickfixj.org/support/
>
>
> Hi,
>
> I never used TLS with QF/J but in my opinion it should work if correctly configured. E.g. if you
> look at this test
> https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
> then there is TLSv1.2 used. So it should work if your used JDK supports the desired cipher.
>
> Chris.
>
>
>
>
> On 18/01/17 08:52, Aykut SAY wrote:
>> QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
>> QuickFIX/J Support: http://www.quickfixj.org/support/
>>
>>
>>
>>
>> I am using quickfix/j to connect to the vendor with SSL security. They usually send PEM files and
>> converted PEM file (including keys) to JKS and it works perfect.
>>
>> But vendor changed their security policy and we need to use TLS with provided PFX.
>> I converted PFX file to JKS but vendor informed me that they see error like "wrong version number"
>> on their server logs.
>>
>> I re-searched a bit but could not find any detailed information and I start to think that
>> quickfix/j does not support TLS. Am I right?
>>
>> Thanks,
>> Aykut
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>
>>
>> _______________________________________________
>> Quickfixj-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/quickfixj-users

--
Christoph John
Development & Support
Direct: +49 241 557080-28
Mailto:[hidden email]
       


http://www.macd.com <http://www.macd.com/>
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------
MACD GmbH
Oppenhoffallee 103
D-52066 Aachen
Tel: +49 241 557080-0 | Fax: +49 241 557080-10
         Amtsgericht Aachen: HRB 8151
Ust.-Id: DE 813021663

Geschäftsführer: George Macdonald
----------------------------------------------------------------------------------------------------
       
----------------------------------------------------------------------------------------------------

take care of the environment - print only if necessary

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Quickfix/J TLS Support

Øyvind Matheson Wergeland
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



You may need to upgrade your runtime JDK. Check this page for supported versions of SSL/TLS:

https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https


Best regards

Øyvind Matheson Wergeland
CTO


Mobile: (+47) 95 16 16 88
E-mail: [hidden email]

Oslo Market Solutions
PO Box 4, 0051 Oslo, Norway
Telephone: (+47) 40 00 23 13
www.oslomarketsolutions.no

On 18.01.2017 09.08, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Also take a look at this 
http://www.quickfixj.org/quickfixj/usermanual/1.6.3/usage/configuration.html (search for SSL).

Chris.

On 18/01/17 09:01, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

I never used TLS with QF/J but in my opinion it should work if correctly configured. E.g. if you
look at this test
https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
then there is TLSv1.2 used. So it should work if your used JDK supports the desired cipher.

Chris.




On 18/01/17 08:52, Aykut SAY wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/




I am using quickfix/j to connect to the vendor with SSL security. They usually send PEM files and
converted PEM file (including keys) to JKS and it works perfect.

But vendor changed their security policy and we need to use TLS with provided PFX.
I converted PFX file to JKS but vendor informed me that they see error like "wrong version number"
on their server logs.

I re-searched a bit but could not find any detailed information and I start to think that
quickfix/j does not support TLS. Am I right?

Thanks,
Aykut


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot


_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users

    


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Quickfix/J TLS Support

Aykut SAY
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



Hi All,

Thanks for quick responses and guidance.
I configured quickfix/j as below with using quickfix.1.6.3 and can connect to the session.

SocketUseSSL=Y
SocketKeyStore=abc.pfx
SocketKeyStorePassword=mypassword
KeyStoreType=PKCS12
EnabledProtocols=TLSv1.2


Regards,
Aykut

On Wed, Jan 18, 2017 at 2:58 PM, Øyvind Matheson Wergeland <[hidden email]> wrote:
QuickFIX/J Documentation: <a href="http://www.quickfixj.org/documentation/ QuickFIX/J" rel="noreferrer" target="_blank">http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



You may need to upgrade your runtime JDK. Check this page for supported versions of SSL/TLS:

https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https


Best regards

Øyvind Matheson Wergeland
CTO


Mobile: (+47) 95 16 16 88
E-mail: [hidden email]

Oslo Market Solutions
PO Box 4, 0051 Oslo, Norway
Telephone: (+47) 40 00 23 13
www.oslomarketsolutions.no

On 18.01.2017 09.08, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Also take a look at this 
http://www.quickfixj.org/quickfixj/usermanual/1.6.3/usage/configuration.html (search for SSL).

Chris.

On 18/01/17 09:01, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

I never used TLS with QF/J but in my opinion it should work if correctly configured. E.g. if you
look at this test
https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
then there is TLSv1.2 used. So it should work if your used JDK supports the desired cipher.

Chris.




On 18/01/17 08:52, Aykut SAY wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/




I am using quickfix/j to connect to the vendor with SSL security. They usually send PEM files and
converted PEM file (including keys) to JKS and it works perfect.

But vendor changed their security policy and we need to use TLS with provided PFX.
I converted PFX file to JKS but vendor informed me that they see error like "wrong version number"
on their server logs.

I re-searched a bit but could not find any detailed information and I start to think that
quickfix/j does not support TLS. Am I right?

Thanks,
Aykut


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot


_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users

    


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Quickfix/J TLS Support

Christoph John
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



Hi,
great, thanks for the feedback.
Cheers

Am 23. Januar 2017 21:36:11 MEZ schrieb Aykut SAY <[hidden email]>:
Hi All,

Thanks for quick responses and guidance.
I configured quickfix/j as below with using quickfix.1.6.3 and can connect to the session.

SocketUseSSL=Y
SocketKeyStore=abc.pfx
SocketKeyStorePassword=mypassword
KeyStoreType=PKCS12
EnabledProtocols=TLSv1.2


Regards,
Aykut

On Wed, Jan 18, 2017 at 2:58 PM, Øyvind Matheson Wergeland <[hidden email]> wrote:
QuickFIX/J Documentation: <a href="http://www.quickfixj.org/documentation/ QuickFIX/J" rel="noreferrer" target="_blank">http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/



You may need to upgrade your runtime JDK. Check this page for supported versions of SSL/TLS:

https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https


Best regards

Øyvind Matheson Wergeland
CTO


Mobile: (+47) 95 16 16 88
E-mail: [hidden email]

Oslo Market Solutions
PO Box 4, 0051 Oslo, Norway
Telephone: (+47) 40 00 23 13
www.oslomarketsolutions.no

On 18.01.2017 09.08, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Also take a look at this 
http://www.quickfixj.org/quickfixj/usermanual/1.6.3/usage/configuration.html (search for SSL).

Chris.

On 18/01/17 09:01, Christoph John wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/


Hi,

I never used TLS with QF/J but in my opinion it should work if correctly configured. E.g. if you
look at this test
https://github.com/quickfix-j/quickfixj/blob/master/quickfixj-core/src/test/java/quickfix/mina/ssl/SSLCertificateTest.java
then there is TLSv1.2 used. So it should work if your used JDK supports the desired cipher.

Chris.




On 18/01/17 08:52, Aykut SAY wrote:
QuickFIX/J Documentation: http://www.quickfixj.org/documentation/
QuickFIX/J Support: http://www.quickfixj.org/support/




I am using quickfix/j to connect to the vendor with SSL security. They usually send PEM files and
converted PEM file (including keys) to JKS and it works perfect.

But vendor changed their security policy and we need to use TLS with provided PFX.
I converted PFX file to JKS but vendor informed me that they see error like "wrong version number"
on their server logs.

I re-searched a bit but could not find any detailed information and I start to think that
quickfix/j does not support TLS. Am I right?

Thanks,
Aykut


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot


_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users

    


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Quickfixj-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/quickfixj-users
Loading...