Technical resources and implementation notes addressing security when using the FIX Protocol.
The documents provided below have been reviewed or produced by the Global Technical Committee’s Information Security Subcommittee.
FIX Security White Paper v1.9 700.29 KB 2423 downloads
The "FIX Security White Paper (v1.9)" is intended to provide FIX Trading Community members with some of the common questions and answers regarding computer and network security when using FIX. Its scope is limited to the FIX Protocol and transmission of FIX messages between parties; issues such as security of operating systems, internal applications, databases, etc., are outside the scope of this document.Create date: July 23, 2017
FIXS Stunnel User Guide for FIX Applications 133.14 KB 1162 downloads
FIX-over-TLS (FIXS) Stunnel User Guide for FIX Applications - this guide is intended to allow anyone to get started with FIXS, whilst the FIXS specification is applicable to all TLS implementations.
Updated: 20180124Create date: August 18, 2017
PGP-DES_MD5 and PEM-DES-MD5 Overview 25.50 KB 346 downloads
This application note addresses Authentication, Confidentiality and Integrity for data transmitted between two parties. It describes the protocol for Key Exchange, Data Encryption of selected fields in the FIX message, and Data Integrity for the entire FIX message. Written and contributed by Morgan Stanley in 1995 and 1996.Create date: February 17, 1996
Stunnel Universal SSL Wrapper
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can be used to securely wrap unencrpyted FIX traffic. The Stunnel source code is not a complete product — you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code. The Stunnel source code is available under the GNU General Public License.
Information Security Presentations
This document describes the the proper way to conduct a multicast session for market data distribution using FIX message formats