Information Security

Technical resources and implementation notes addressing security when using the FIX Protocol.

The documents provided below have been reviewed or produced by the Global Technical Committee’s Information Security Subcommittee.

Icon

FIX Security White Paper v1.9 700.29 KB 2183 downloads

The "FIX Security White Paper (v1.9)" is intended to provide FIX Trading Community members with some of the common questions and answers regarding computer and network security when using FIX. Its scope is limited to the FIX Protocol and transmission of FIX messages between parties; issues such as security of operating systems, internal applications, databases, etc., are outside the scope of this document.

Create date: July 23, 2017
Icon

FIXS Stunnel User Guide for FIX Applications 133.14 KB 1023 downloads

FIX-over-TLS (FIXS) Stunnel User Guide for FIX Applications - this guide is intended to allow anyone to get started with FIXS, whilst the FIXS specification is applicable to all TLS implementations.

Updated: 20180124

Create date: August 18, 2017
Icon

PGP-DES_MD5 and PEM-DES-MD5 Overview 25.50 KB 296 downloads

This application note addresses Authentication, Confidentiality and Integrity for data transmitted between two parties. It describes the protocol for Key Exchange, Data Encryption of selected fields in the FIX message, and Data Integrity for the entire FIX message. Written and contributed by Morgan Stanley in 1995 and 1996.

Create date: February 17, 1996
Icon

PGP-DES-MD5 and PEM-DES-MD5 Implementation 224.00 KB 214 downloads

The files included in this distribution are an implementation of the FIX security protocol. Written and contributed by Morgan Stanley in 1995 and 1996. (TAR, 224KB) [May 24, 1996]

Create date: June 2, 2017

    Stunnel Universal SSL Wrapper
    Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can be used to securely wrap unencrpyted FIX traffic. The Stunnel source code is not a complete product — you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code. The Stunnel source code is available under the GNU General Public License.

    Information Security Presentations

    Icon

    Encryption Working Group Presentation - July 24, 2000 768.50 KB 207 downloads

    This document has been revised to correct errors in the presentation and add additional information relating to CA infrastructure addressed at the meeting.

    Create date: July 24, 2000
    Icon

    FIX Security Presentation 185.50 KB 436 downloads

    Presentation about how FIX addresses security.

    Create date: February 14, 2017

      Multicast

      This document describes the the proper way to conduct a multicast session for market data distribution using FIX message formats

      Icon

      Multicast Recommended Practices 539.58 KB 543 downloads

      This document describes the the proper way to conduct a multicast session for market data distribution using FIX message formats.

      Create date: January 14, 2006