在 Windows 2012 服务器上使用 QuickFix.Net 在贸易捕获的修复连接中添加强密码

Question

We have a C# Windows service running on a Windows 2012 box which uses the QuickFIx.NET DLL. The App transmits some trades over for Regulator reasons. We are being enforced to add additional Ciphers by our receiver. Following 2 are needed ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 Our Fix connection to the Regulator is via https At network level, on our Box and Domain controller we confirmed that TLS 1.2 is enabled and the Ciphers are added to allowed Ciphers.

However our Destination Fix host is still not seeing the Ciphers show up in the Fix messages.

We upgraded to Ver 1.10 of Quickfix/N .NET and out .NET Windows service app is upgraded to.Net Framework 4.7.2

On the Box where the service is present, we ensured Registry keys for HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\ both Server and Client have DisabledByDefault = 0 and Enabled = 1

Any advice on how to get the QUickFix.NET to pick up these new Ciphers?

Answer 1

This might be a bit late but I had the same requirements quite recently (is your client MarketAxess / Trax out of curiosity?).

I assume the TLS setup is done at your FIX configuration level? I tried many many things and couldn't understand how the .NET dll was selecting which ciphers to use. I fixed my issue by removing the TLS config settings at the session level and went trough Stunnel, then the ciphers list sent was the one I was able to see on the machine.

Hope this helps.