SSL is the recommended security model in FIX specification. QWFIX provides full support of SSL in FIX sessions. It is very easy to use SSL in FIX sessions to provide added security.
FIXSessionSslParameters is the only class needed in order to add SSL support in FIX sessions, in both client mode and server mode.
FIXSessionSslParameters contains two call back delegates used to initialize a SslStream in .Net framework (see 'Certificate Selection and Validation' below), plus a "serverHostName" and a certificate.
It is the responsiblility of developers to provide information about certificate selection and validation.
Starting from QWFIX 1.5, FIXEngineSessionEndPoint is introduced. FIXEngineSessionEndPoint allows multiple FIX sessions share the same TCP end point. It also supports an optional backup TCP end point for initiator sessions.
SSL support is associated with the FIXEngineSessionEndPoint.
To enable SSL support on a specific FIX session. First, hook up an event handler to FIXStandaloneApplication.FIXEngineInitialized event. In the event handler, find the specific FIXSessionSslParameters in FIXEngine.Settings.SessionEndPoints. Then create an appropriate instance of FIXSessionSslParameters and assign it to FIXEngineSessionEndPoint.SslParameters property of the session end point.
Note: Before QWFIX 1.5 the SslParameters is associated with each FIXSession.
Certificate Selection and Validation
Certificate selection and validation is very important in SSL. This documentation is not about teaching SSL programming. Please read related articles as well as MSDN documentation about encrytography (for example, SslStream). FIXSessionSslParameters have both UserCertificateSelectionCallback and UserCertificateValidationCallback properties.