This technique relies on the MINA SSL I/O filter.
The default usage of SSL is very simple. Just add the following setting to your QFJ settings file.
SocketUseSSL=YThis setting must be used for both acceptors and initiators. If you need to use a specific SSL certificate, configure your session like below.
SocketUseSSL=Y SocketKeyStore=[your key store path] SocketKeyStorePassword=[your key store password]If certificates require authentication additional settings must be provided.
SocketTrustStore=[your trust store path] SocketTrustStorePassword=[your trust store password]Acceptor certificates are always authenticated by the initiator. Authenticating client certificates require the following setting.
NeedClientAuth=YExample acceptor configuration with client certificate authentication.
[DEFAULT] StartTime=00:00:00 EndTime=00:00:00 ReconnectInterval=2 ConnectionType=acceptor HeartBtInt=30 SocketConnectProtocol=SOCKET SocketAcceptHost=localhost # SSL properties SocketUseSSL=Y CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA EnabledProtocols=TLSv1.2 SocketKeyStore=acceptor.keystore SocketKeyStorePassword=password NeedClientAuth=Y [SESSION] BeginString=FIX.4.4 DataDictionary=FIX44.xml SocketAcceptPort=12341 TargetCompID=ZULU1 SenderCompID=ALFA1 # SSL properties SocketTrustStore=acceptor1.truststore SocketTrustStorePassword=password [SESSION] BeginString=FIX.4.4 DataDictionary=FIX44.xml SocketAcceptPort=12342 TargetCompID=ZULU2 SenderCompID=ALFA2 # SSL properties SocketTrustStore=acceptor2.truststore SocketTrustStorePassword=passwordExample initiator configuration.
[DEFAULT] StartTime=00:00:00 EndTime=00:00:00 ReconnectInterval=2 ConnectionType=initiator HeartBtInt=30 SocketConnectProtocol=SOCKET SocketConnectHost=localhost SocketConnectPort=12341 # SSL properties SocketUseSSL=Y CipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA EnabledProtocols=TLSv1.2 SocketKeyStore=initiator1.keystore SocketKeyStorePassword=password SocketTrustStore=initiator1.truststore SocketTrustStorePassword=password [SESSION] BeginString=FIX.4.4 DataDictionary=FIX44.xml TargetCompID=ALFA1 SenderCompID=ZULU1Also see the tests in
quickfix.mina.ssl.SecureSocketTest and quickfix.mina.ssl.SSLCertificateTest.