1. Introduction
The introduction of a TLS connectivity option (payload encryption) for ETI Low Frequency (LF) sessions, was originally implemented with T7 Release 11.0. In Eurex Circular 005/23, Eurex announced that the use of the ETI LF payload encryption will be mandatory in the simulation environment on 4 August 2023 and in the production environment on 23 October 2023. Eurex has also previously announced that payload encryption will apply to all ETI LF sessions located both inside and outside of the Equinix FR2 co-location facility.
Password encryption (by Deutsche Börse’s public RSA key) was initially announced for ETI High Frequency (ETI HF) sessions. Password encryption for ETI HF sessions was previously available in the simulation environment and implemented in the production environment with T7 Release 11.1 on 22 May 2023. Password encryption is implemented by using session- and user-login specific message templates.
Mandatory password encryption for ETI LF sessions in the Equinix FR2 co-location facility
Based on discussions with Trading Participants and to provide the maximum level of flexibility and compatibility with the implementation of the security requirements, Eurex now offers Trading Participants the flexibility to choose between the implementation of payload encryption or password encryption for ETI LF sessions within the Equinix FR2 co-location facility. Password encryption for ETI LF sessions in the simulation and the production environment can be used with immediate effect.
Support for TLS 1.3 and TLS 1.2
Eurex now supports TLS 1.3 in parallel to TLS 1.2. TLS version 1.3 can be used in the simulation and production environment with immediate effect. An updated version of the Network Access Guide containing the information on the supported cipher suites is available on the Eurex website www.eurex.com under the following link:
Support > Initiatives & Releases > T7 Release 11.1 > Network Access.
More information about the mandatory interface encryption initiative is available on the Eurex website www.eurex.com on our dedicated initiatives page and location under the following link:
Support > Initiatives & Releases > Readiness for projects > Mandatory Interface Encryption.
System documentation, circulars, timeline and much more information can also be found there. An updated FAQ document providing answers to the most common questions has also been published.
2. Required action
Trading Participants should be aware that support for ETI LF sessions without payload or password encryption will be withdrawn on 4 August 2023 in the simulation environment and on 23 October 2023 in the production environment. ETI LF sessions outside the Equinix FR2 co-location facility must use the ETI LF payload encryption connectivity option. ETI LF sessions within the Equinix FR2 co-location facility, will require either payload encryption or ETI password encryption.
- If not already done, existing applications must now be adapted to use the ETI LF payload encryption connectivity option or ETI password encryption (ETI LF sessions in Equinix FR2 co-location facility only).
Please Note: For participants with ETI LF sessions configured for use in split locations (i.e.) a connection both within the co-location facility and from a remote location, the use of payload encryption is mandatory.
Trading Participants with ETI HF sessions in the Equinix FR2 co-location facility should also be aware that applications need to be adapted to use login message templates with encrypted passwords. This can be done in the simulation and production environments from now on. Password encryption for ETI HF and non-payload encrypted ETI LF sessions in the Equinix FR2 co-location facility will be mandatory from 24 November 2023 in the simulation environment and from 11 December 2023 in the production environment shortly after the launch of T7 Release 12.0 which is currently scheduled for 20 November 2023.
- Trading Participants using ETI HF sessions from a location outside of Eurex Exchanges’ Equinix FR2 facility must either replace the HF session with a ETI LF session or transfer the session to an installation within Eurex Exchanges’ Equinix FR2 facility by 23 October 2023.
3. Details
To provide Trading Participants with maximum flexibility and compatibility in the implementation of the security requirements, Eurex now offers the flexibility to choose between the implementation of payload encryption or password encryption for ETI LF sessions within the Equinix FR2 co-location facility. The following table provides a consolidated overview of the payload and password encryption options for ETI HF and LF sessions, together with the mandatory usage dates in the simulation and production environments.
Session Source Location | Session type | Encryption type | Mandatory change in Simulation | Mandatory change in Production |
In Equinix FR2 co-lo facility | ETI (LF) | Payload or Password | 24.11.23 | 11.12.23 |
In Equinix FR2 co-lo facility | ETI (HF) | Password | 24.11.23 | 11.12.23 |
In Equinix FR2 co-lo facility | ETI (HF) | Payload | Not supported | Not supported |
Remote | ETI (LF) | Payload | 04.08.23 | 23.10.23 |
Remote | ETI (LF) | Password | Not applicable | Not applicable |
Remote | ETI (HF) | Not applicable | Not applicable | 23.10.23* |
* The use of HF Sessions in the production environment outside of the Equinix FR2 co-location facility will no longer be available.
To support participants with the implementation of password encryption, Eurex has provided an example python script “STEP (Sample Tool for ETI Password Encryption) download” which provides a sample implementation of the ETI password encryption on the client side. The script can be downloaded from the Eurex website under the following link:
Support > Initiatives & Releases > T7 Release 11.1 > Trading Interfaces.
Further information
Recipients: | | All Trading Participants of Eurex Deutschland and Vendors |
Target groups: | | Front Office/Trading, IT/System Administration |
Related circulars: | | Eurex Circular 005/23, 085/22 |
Contact: | | Technical Key Account Manager via your VIP number or cts@deutsche-boerse.com |
Web: | | Support > Initiatives & Releases > Readiness for projects > Mandatory Interface Encryption |
Authorized by: | | Wolfgang Eholzer |