SSL Configuration

Overview

SSL could be configured by modifying the engine.properties configuration file. Please refer to the FIX Antenna documentation for further details.

FIX Antenna Python allows to configure SSL programmatically.

SSL configuration for Acceptor sessions

To create an Acceptor session with SSL support, follow these steps:

  • Create an SSL context configurator with the SSL configuration options (used protocols, ciphers list, paths to the certificate file, private key file, etc.)

  • Create an SSL Server Context and include it in the extra parameters for the session (V12.FIXAntenna.SessionParameters)

  • Specify a listen port within the extra parameters as well

  • Create an Acceptor session using the extra parameters.

Here is an example of how to create an acceptor session with SSL support:

properties = v12.FAProperties()

ssl_configurator = properties.get_ssl_context_configurator_instance(
    v12.SslContext.PROTOCOL_TLS_V1_2,
    "AES+aRSA:AES+aECDH:AES+aECDSA:@STRENGTH",
    "certificateA.crt",
    "certificateB.crt",
    "certificateB.key",
    "",
    "",
    True)

ssl_context = properties.get_ssl_server_context(ssl_configurator)

params = v12.SessionParameters()
params.ssl_context = ssl_context
params["ListenPort"] = "9106"

session = engine.create_session(v12.SessionId('TestServer', 'TestClient'), "FIX44", v12.FIXVersion.FIX44, params)

For more details refer to the API reference: V12.FIXAntenna.FAProperties.get_ssl_context_configurator_instance(), V12.FIXAntenna.FAProperties.get_ssl_server_context()

SSL configuration for Intiator session

To enable SSL in the Initiator session create an SSL Client Context and pass it to the extra parameters (V12.FIXAntenna.SessionParameters) that are used for creating the session:

ssl_context = v12.SslClientContext()

params = v12.SessionParameters()
params.ssl_context = ssl_context

session = engine.create_session(v12.SessionId('TestClient', 'TestServer'), "FIX44", v12.FIXVersion.FIX44, params)

Advanced SSL configuration for Initiator sessions can be achived by creating an SSL context configurator object.

Here is an example of how to create an initiator session with advanced SSL configuration:

properties = v12.FAProperties()

ssl_configurator = properties.get_ssl_context_configurator_instance(
    v12.SslContext.PROTOCOL_TLS_V1_2,
    "AES+aRSA:AES+aECDH:AES+aECDSA:@STRENGTH",
    "certificateB.crt",
    "certificateA.crt",
    "certificateA.key",
    "",
    "",
    True)

ssl_context = properties.get_ssl_client_context(ssl_configurator)

params = v12.SessionParameters()
params.ssl_context = ssl_context

session = engine.create_session(v12.SessionId('TestClient', 'TestServer'), "FIX44", v12.FIXVersion.FIX44, params)

Custom SSL context configurator

To implement custom SSL configuration logic, it’s possible to subclass the V12.FIXAntenna.SslContextConfigurator class.

class CustomSslContextConfigurator(v12.SslContextConfigurator):
    def __init__():
        v12.SslContextConfigurator.__init__(self)

    # Override the neccessary methods to implement custom SSL configuration logic

Refer to the V12.FIXAntenna.SslContextConfigurator class documentation for the full list of available methods.