I’m trying to create a FIX application that interfaces with ICE using Stunnel to provide encryption.

I’m encountering a handshake failure trying to interface with the FIX application.

I’ve copies portions of the Stunnel configuration file as well as the entire FIX configuration file below.

Can you do a quick review of the two configuration files and tell me what I’m doing wrong?

Both FIX and Stunnel are running on the same Windows 10 virtual pc.

*** Stunnel ERRORS with accept set to 127.0.0.1:83 ***

2023.02.21 20:07:13 LOG5[main]: stunnel 5.68 on x64-pc-mingw32-gnu platform

2023.02.21 20:07:13 LOG5[main]: Compiled/running with OpenSSL 3.0.8 7 Feb 2023

2023.02.21 20:07:13 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

2023.02.21 20:07:13 LOG5[main]: Reading configuration from file C:\Program Files (x86)\stunnel\config\stunnel.conf

2023.02.21 20:07:13 LOG5[main]: UTF-8 byte order mark detected

2023.02.21 20:07:13 LOG5[main]: FIPS mode disabled

2023.02.21 20:07:13 LOG3[main]: No trusted certificates found

2023.02.21 20:07:13 LOG5[main]: Configuration successful

2023.02.21 20:07:25 LOG5[0]: Service [fix_initiator_session1_tunnel] accepted connection from 127.0.0.1:62314

2023.02.21 20:07:25 LOG5[0]: s_connect: connected 63.247.113.201:443

2023.02.21 20:07:25 LOG5[0]: Service [fix_initiator_session1_tunnel] connected remote server from 192.168.1.219:62315

2023.02.21 20:07:25 LOG3[0]: SSL_connect: ssl/record/rec_layer_s3.c:1605: error:0A000410:SSL routines::sslv3 alert handshake failure

2023.02.21 20:07:25 LOG5[0]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

2023.02.21 20:07:26 LOG5[1]: Service [fix_initiator_session1_tunnel] accepted connection from 127.0.0.1:62316

2023.02.21 20:07:26 LOG5[1]: s_connect: connected 63.247.113.201:443

2023.02.21 20:07:26 LOG5[1]: Service [fix_initiator_session1_tunnel] connected remote server from 192.168.1.219:62317

2023.02.21 20:07:26 LOG3[1]: SSL_connect: ssl/record/rec_layer_s3.c:1605: error:0A000410:SSL routines::sslv3 alert handshake failure

2023.02.21 20:07:26 LOG5[1]: Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket

*** FIX ERRORS with accept set to 127.0.0.1:49200 ***

Same errors in stunnel, but (Socket Error: An existing connection was forcibly closed by the remote host.) in FIX Application

*** Stunnel configuration ***

[fix_initiator_session1_tunnel]

client = yes

accept = 127.0.0.1:83

connect = 63.247.113.201:443

cert = stunnel.pem

ciphers = PSK

PSKsecrets = psk.txt

*** FIX 4.4 Configuration ***

[DEFAULT]

ConnectionType=initiator

ReconnectInterval=60

FileStorePath=c:\Temp\WebIce_Initiator

FileLogPath=c:\Temp\WebIce_Initiator

StartTime=00:00:00

EndTime=23:59:59

SocketConnectHost=127.0.0.1

SocketConnectPort=83

ResetOnLogon=Y

ResetOnLogout=Y

ResetOnDisconnect=Y

[SESSION]

BeginString=FIX.4.4

SenderCompID=8655

SenderSubID=0921

TargetCompID=ICE

HeartBtInt=30

ValidateFieldsOutOfOrder=N

UseDataDictionary=Y

DataDictionary=C:\Applications\WebIceInitiator_Pub\FIX44.xml

CheckLatency=N

SSLEnable=Y

SSLProtocols=Tls12

SSLValidateCertificates=N

SSLCertificateRevocation=N

SSLCertificate=C:\Applications\WebIceInitiator_Pub\Wildcard.ingsoftware.net.pfx

SSLCertificatePassword=9322

SSLRequireClientCertificate=N

ScreenLogEvents=N

ScreenLogShowIncoming=N

ScreenLogShowOutgoing=N

ScreenLogShowHeartBeats=N