{"id":7163,"date":"2025-08-28T22:36:25","date_gmt":"2025-08-29T03:36:25","guid":{"rendered":"https:\/\/librarytestdev.wpenginepowered.com\/?post_type=doc&#038;p=7163"},"modified":"2025-12-18T16:11:47","modified_gmt":"2025-12-18T22:11:47","slug":"configuring-client-connectivity-4","status":"publish","type":"doc","link":"https:\/\/library-staging.tradingtechnologies.com\/tt-fix\/tt-fix-drop-copy-out\/overview-tt-fix-drop-copy-out\/configuring-client-connectivity-4\/","title":{"rendered":"Configuring client connectivity"},"content":{"rendered":"\n<p>\n  UAT FIX client connectivity is available via the Internet or\n  <a href=\"https:\/\/www.stunnel.org\/downloads.html\">Stunnel<\/a> (secure\n  Internet).\n<\/p>\n\n<p>\n  TT supports SSL-wrapped TCP connections for FIX connections. TT encrypted FIX\n  utilizes server-side certificates only, similar to how most Secure HTTP\n  (https) websites are implemented. Client certificates are not utilized or\n  checked; client authentication occurs at the FIX protocol level utilizing\n  SenderCompID in FIX tag 49 and password in FIX tag 96.\n<\/p>\n<p>\n  If your FIX engine natively supports SSL encryption, please consult the\n  documentation for your FIX engine for configuration details. TT provides the\n  <a href=\"\/tt-fix\/general\/stunnel.zip\">stunnel.zip<\/a>\n  file which contains the TTFIX.crt. This file contains the public certificates\n  utilized by the TT Platform&#8217;s FIX endpoints for\n  customers\u2019 use to minimize the risk of a Man-in-the-Middle attack.\n<\/p>\n\n<p>\n  If your FIX engine does not natively support SSL encryption, TT recommends\n  using the open source stunnel proxy to implement the SSL encryption wrapper.\n  Stunnel is available from\n  <a href=\"https:\/\/www.stunnel.org\/\">https:\/\/www.stunnel.org\/<\/a> and supports\n  multiple operating systems, including Linux and Windows. Stunnel encrypts only\n  the individual FIX connection, rather than implementing a full VPN tunnel as\n  was traditionally used to encrypt FIX.\n<\/p>\n\n<p>\n  Your company on-premises DNS services must be able to access public DNS\n  entries below pending the connection method:\n<\/p>\n\n<table class=\"table table-striped table-bordered\" border=\"1\">\n  <thead>\n    <tr>\n      <th><\/th>\n      <th><strong>Internet<\/strong><\/th>\n      <th><strong>Stunnel<\/strong><\/th>\n    <\/tr>\n  <\/thead>\n  <tbody>\n    \n    <tr>\n      <td><strong>FIX Order Routing<\/strong><\/td>\n      <td>fixorderrouting-ext-uat-cert.trade.tt: 11502<\/td>\n      <td>fixorderrouting-ext-uat-cert.trade.tt: 11702<\/td>\n    <\/tr>\n    \n  <\/tbody>\n<\/table>\n\n<p>To configure connections for stunnel:<\/p>\n<ol>\n  <li>\n    Install the\n    <a href=\"https:\/\/www.stunnel.org\/downloads.html\">stunnel<\/a> software, if\n    necessary.\n    <p><\/p>\n    <strong>Note<\/strong>: The first time you install stunnel, you might receive\n    a prompt similar to the following. If so, simply enter the appropriate\n    information for your location and organization.\n    <p><img decoding=\"async\" class=\"img-responsive\" src=\"https:\/\/library-staging.tradingtechnologies.com\/wp-content\/uploads\/2025\/08\/stunnel-warning-4.png\"><\/p>\n  <\/li>\n  <li>\n    Download TT&#8217;s\n    <a href=\"\/wp-content\/uploads\/2025\/12\/stunnel.zip\">stunnel.zip file<\/a>.\n    <p><\/p>\n    The zip file contains the <b>TTFIX.crt<\/b> public cert file and a sample\n    stunnel client configuration file.\n  <\/li>\n  <li>\n    Copy the <b>TTFIX.crt<\/b> file to the appropriate location on your system.\n  <\/li>\n  <li>\n    Add the following to the stunnel configuration:\n    <p><\/p>\n    \n    <code>\n      [orfix-tcp]<br>\n      client = yes<br>\n      accept = 127.0.0.1:11702<br>\n      connect = <i>FullyQualifiedDomainName<\/i>:<i>port<\/i> <br>\n      CAfile = TTFIX.crt<br>\n      verify = 3<br>\n    <\/code>\n\n    \n\n    <p><\/p>\n    where <i>FullyQualifiedDomainName<\/i>:<i>port<\/i> uses one of the values\n    from the table above.\n    <p><\/p>\n    FIX clients should use the following connection information: \n    <ul>\n      <li>Host: 127.0.0.1<\/li>\n      <li>Port: 11702<\/li>\n    <\/ul>\n    \n  <\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"template":"","meta":{"_acf_changed":false,"footnotes":""},"docs-category":[475],"class_list":["post-7163","doc","type-doc","status-publish","hentry","docs-category-overview-tt-fix-drop-copy-out"],"acf":[],"_links":{"self":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/doc\/7163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/doc"}],"about":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/types\/doc"}],"author":[{"embeddable":true,"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/users\/2"}],"version-history":[{"count":0,"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/doc\/7163\/revisions"}],"wp:attachment":[{"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/media?parent=7163"}],"wp:term":[{"taxonomy":"docs-category","embeddable":true,"href":"https:\/\/library-staging.tradingtechnologies.com\/ja\/wp-json\/wp\/v2\/docs-category?post=7163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}