SSL Configuration
Overview
SSL could be configured by modifying the engine.properties configuration file. Please refer to the FIX Antenna documentation for further details.
FIX Antenna Python allows to configure SSL programmatically.
SSL configuration for Acceptor sessions
To create an Acceptor session with SSL support, follow these steps:
Create an SSL context configurator with the SSL configuration options (used protocols, ciphers list, paths to the certificate file, private key file, etc.)
Create an SSL Server Context and include it in the extra parameters for the session (
V12.FIXAntenna.SessionParameters
)Specify a listen port within the extra parameters as well
Create an Acceptor session using the extra parameters.
Here is an example of how to create an acceptor session with SSL support:
properties = v12.FAProperties()
ssl_configurator = properties.get_ssl_context_configurator_instance(
v12.SslContext.PROTOCOL_TLS_V1_2,
"AES+aRSA:AES+aECDH:AES+aECDSA:@STRENGTH",
"certificateA.crt",
"certificateB.crt",
"certificateB.key",
"",
"",
True)
ssl_context = properties.get_ssl_server_context(ssl_configurator)
params = v12.SessionParameters()
params.ssl_context = ssl_context
params["ListenPort"] = "9106"
session = engine.create_session(v12.SessionId('TestServer', 'TestClient'), "FIX44", v12.FIXVersion.FIX44, params)
For more details refer to the API reference: V12.FIXAntenna.FAProperties.get_ssl_context_configurator_instance()
, V12.FIXAntenna.FAProperties.get_ssl_server_context()
SSL configuration for Intiator session
To enable SSL in the Initiator session create an SSL Client Context and pass it to the extra
parameters (V12.FIXAntenna.SessionParameters
) that are used for creating the session:
ssl_context = v12.SslClientContext()
params = v12.SessionParameters()
params.ssl_context = ssl_context
session = engine.create_session(v12.SessionId('TestClient', 'TestServer'), "FIX44", v12.FIXVersion.FIX44, params)
Advanced SSL configuration for Initiator sessions can be achived by creating an SSL context configurator object.
Here is an example of how to create an initiator session with advanced SSL configuration:
properties = v12.FAProperties()
ssl_configurator = properties.get_ssl_context_configurator_instance(
v12.SslContext.PROTOCOL_TLS_V1_2,
"AES+aRSA:AES+aECDH:AES+aECDSA:@STRENGTH",
"certificateB.crt",
"certificateA.crt",
"certificateA.key",
"",
"",
True)
ssl_context = properties.get_ssl_client_context(ssl_configurator)
params = v12.SessionParameters()
params.ssl_context = ssl_context
session = engine.create_session(v12.SessionId('TestClient', 'TestServer'), "FIX44", v12.FIXVersion.FIX44, params)
Custom SSL context configurator
To implement custom SSL configuration logic, it’s possible to subclass the V12.FIXAntenna.SslContextConfigurator
class.
class CustomSslContextConfigurator(v12.SslContextConfigurator):
def __init__():
v12.SslContextConfigurator.__init__(self)
# Override the neccessary methods to implement custom SSL configuration logic
Refer to the V12.FIXAntenna.SslContextConfigurator
class documentation for the full list of available methods.