TT® FIX

Managing FIX Sessions

TT supports SSL-wrapped TCP connections for FIX connections. TT encrypted FIX utilizes server-side certificates only, similar to how most Secure HTTP (https) websites are implemented. Client certificates are not utilized or checked; client authentication occurs at the FIX protocol level utilizing SenderCompID in FIX tag 49 and password in FIX tag 96.

If your FIX engine natively supports SSL encryption, please consult the documentation for your FIX engine for configuration details. TT provides the TTFIX.crt file with the public certificates used by the TT® Platform FIX endpoint for customers’ use to minimize the risk of a Man-in-the-Middle attack.

If your FIX engine does not natively support SSL encryption, TT recommends using the open source stunnel proxy to implement the SSL encryption wrapper. Stunnel is available from https://www.stunnel.org/ and supports multiple operating systems, including Linux and Windows. Stunnel encrypts only the individual FIX connection, rather than implementing a full VPN tunnel as was traditionally used to encrypt FIX.

Creating FIX sessions

Before connecting your FIX client to TT FIX, the company administrator must create the FIX sessions that your FIX client will use. To create a FIX session:

  1. Log in to User Setup as a Company Administrator.
  2. From the Users drop down, select FIX Sessions.
  3. Choose + FIX Session and fill out the necessary fields. Use the Accounts tab to assign an account to a Drop Copy OUT FIX session or use the Users tab to assign a user to an Order Routing or Drop Copy IN FIX session.

For more information, see Adding a FIX Session.

Connecting to TT FIX

FIX clients can connect to TT FIX over a Secure TCP (SSL) connection using the following information. FIX clients can connect to the TT UAT environment via the Internet or stunnel; for the TT Production environment, clients can use stunnel.

UAT Production
FIX Back Office fixdropcopy-ext-uat-cert.trade.tt: 11501/11701 fixdropcopy-ext-prod-live.trade.tt: 11701
FIX Order Routing fixorderrouting-ext-uat-cert.trade.tt: 11502/11702 fixorderrouting-ext-prod-live.trade.tt: 11702
Security Definition fixsecurityinfo-ext-uat-cert.trade.tt: 11503/11703 fixsecurityinfo-ext-prod-live.trade.tt: 11703

To configure connections for stunnel:

  1. Install the stunnel software, if necessary.

    Note: The first time you install stunnel, you might receive a prompt similar to the following. If so, simply enter the appropriate information for your location and organization.

  2. Download the stunnel files from TT download portal.

    The zip file contains the TTFIX.crt public cert file and a sample stunnel client configuration file.

  3. Copy the TTFIX.crt file to the appropriate location on your system.

  4. Add the following to the stunnel configuration:

    • For TT FIX Drop Copy sessions:

      [dcfix-tcp]
      client = yes
      accept = 127.0.0.1:11701
      connect = FullyQualifiedDomainName:port
      CAfile = TTFIX.crt
      verify = 3

      where FullyQualifiedDomainName:port uses one of the values from the table above.

      FIX clients should use the following connection information:

      Host: 127.0.0.1
      Port: 11701

    • For TT FIX Order Routing sessions:

      [orfix-tcp]
      client = yes
      accept = 127.0.0.1:11702
      connect = FullyQualifiedDomainName:port
      CAfile = TTFIX.crt
      verify = 3

      where FullyQualifiedDomainName:port uses one of the values from the table above.

      FIX clients should use the following connection information:

      Host: 127.0.0.1
      Port: 11702

    • For TT FIX Security Definition sessions:

      [sdfix-tcp]
      client = yes
      accept = 127.0.0.1:11703
      connect = FullyQualifiedDomainName:port
      CAfile = TTFIX.crt
      verify = 3

      where FullyQualifiedDomainName:port uses one of the values from the table above.

      FIX clients should use the following connection information:

      Host: 127.0.0.1
      Port: 11703