TT® FIX Recovery

Configuring client connectivity

Configuring client connectivity

UAT FIX client connectivity is available via the Internet or Stunnel (secure Internet).

TT supports SSL-wrapped TCP connections for FIX connections. TT encrypted FIX utilizes server-side certificates only, similar to how most Secure HTTP (https) websites are implemented. Client certificates are not utilized or checked; client authentication occurs at the FIX protocol level utilizing SenderCompID in FIX tag 49 and password in FIX tag 96.

If your FIX engine natively supports SSL encryption, please consult the documentation for your FIX engine for configuration details. TT provides the stunnel.zip file which contains the TTFIX.crt. This file contains the public certificates utilized by the TT Platform's FIX endpoints for customers’ use to minimize the risk of a Man-in-the-Middle attack.

If your FIX engine does not natively support SSL encryption, TT recommends using the open source stunnel proxy to implement the SSL encryption wrapper. Stunnel is available from https://www.stunnel.org/ and supports multiple operating systems, including Linux and Windows. Stunnel encrypts only the individual FIX connection, rather than implementing a full VPN tunnel as was traditionally used to encrypt FIX.

Your company on-premises DNS services must be able to access public DNS entries below pending the connection method:

Internet Stunnel
Recovery - Drop Copy fixrecovery-ext-uat-cert.trade.tt: 11505/11705 fixrecovery-ext-prod-live.trade.tt: 11705
Recovery - Order Routing fixrecovery-ext-uat-cert.trade.tt: 11508/11708 fixrecovery-ext-prod-live.trade.tt: 11708

To configure connections for stunnel:

  1. Install the stunnel software, if necessary.

    Note: The first time you install stunnel, you might receive a prompt similar to the following. If so, simply enter the appropriate information for your location and organization.

  2. Download TT's stunnel.zip file.

    The zip file contains the TTFIX.crt public cert file and a sample stunnel client configuration file.
  3. Copy the TTFIX.crt file to the appropriate location on your system.
  4. Add the following to the stunnel configuration:

    For Dropy Copy Recovery

    [sdfix-tcp]
    client = yes
    accept = 127.0.0.1:11705
    connect = FullyQualifiedDomainName:port
    CAfile = TTFIX.crt
    verify = 3

    For Order Routing Recovery

    [sdfix-tcp]
    client = yes
    accept = 127.0.0.1:11708
    connect = FullyQualifiedDomainName:port
    CAfile = TTFIX.crt
    verify = 3

    where FullyQualifiedDomainName:port uses one of the values from the table above.

    FIX clients should use the following connection information:

    For Drop Copy Recovery

    • Host: 127.0.0.1
    • Port: 11705

    For Order Routing Recovery

    • Host: 127.0.0.1
    • Port: 11708