Find
25 May 2023

Eurex

T7 mandatory interface encryption: Updated information on ETI LF payload encryption and additional support for TLS 1.3

Eurex Circular 044/23 T7 mandatory interface encryption: Updated information on ETI LF payload encryption and additional support for TLS 1.3

1.   Introduction

The introduction of a TLS connectivity option (payload encryption) for ETI Low Frequency (LF) sessions, was originally implemented with T7 Release 11.0. In Eurex Circular 005/23, Eurex announced that the use of the ETI LF payload encryption will be mandatory in the simulation environment on 4 August 2023 and in the production environment on 23 October 2023. Eurex has also previously announced that payload encryption will apply to all ETI LF sessions located both inside and outside of the Equinix FR2 co-location facility.

Password encryption (by Deutsche Börse’s public RSA key) was initially announced for ETI High Frequency (ETI HF) sessions. Password encryption for ETI HF sessions was previously available in the simulation environment and implemented in the production environment with T7 Release 11.1 on 22 May 2023. Password encryption is implemented by using session- and user-login specific message templates.

Mandatory password encryption for ETI LF sessions in the Equinix FR2 co-location facility

Based on discussions with Trading Participants and to provide the maximum level of flexibility and compatibility with the implementation of the security requirements, Eurex now offers Trading Participants the flexibility to choose between the implementation of payload encryption or password encryption for ETI LF sessions within the Equinix FR2 co-location facility. Password encryption for ETI LF sessions in the simulation and the production environment can be used with immediate effect.

Support for TLS 1.3 and TLS 1.2

Eurex now supports TLS 1.3 in parallel to TLS 1.2. TLS version 1.3 can be used in the simulation and production environment with immediate effect. An updated version of the Network Access Guide containing the information on the supported cipher suites is available on the Eurex website www.eurex.com under the following link: 

Support > Initiatives & Releases > T7 Release 11.1 > Network Access.

More information about the mandatory interface encryption initiative is available on the Eurex website www.eurex.com on our dedicated initiatives page and location under the following link:

Support > Initiatives & Releases > Readiness for projects > Mandatory Interface Encryption.

System documentation, circulars, timeline and much more information can also be found there. An updated FAQ document providing answers to the most common questions has also been published.

2.   Required action

Trading Participants should be aware that support for ETI LF sessions without payload or password encryption will be withdrawn on 4 August 2023 in the simulation environment and on 23 October 2023 in the production environment. ETI LF sessions outside the Equinix FR2 co-location facility must use the ETI LF payload encryption connectivity option. ETI LF sessions within the Equinix FR2 co-location facility, will require either payload encryption or ETI password encryption. 

  • If not already done, existing applications must now be adapted to use the ETI LF payload encryption connectivity option or ETI password encryption (ETI LF sessions in Equinix FR2 co-location facility only).

Please Note: For participants with ETI LF sessions configured for use in split locations (i.e.) a connection both within the co-location facility and from a remote location, the use of payload encryption is mandatory.

Trading Participants with ETI HF sessions in the Equinix FR2 co-location facility should also be aware that applications need to be adapted to use login message templates with encrypted passwords. This can be done in the simulation and production environments from now on. Password encryption for ETI HF and non-payload encrypted ETI LF sessions in the Equinix FR2 co-location facility will be mandatory from 24 November 2023 in the simulation environment and from 11 December 2023 in the production environment shortly after the launch of T7 Release 12.0 which is currently scheduled for 20 November 2023.

  • Trading Participants using ETI HF sessions from a location outside of Eurex Exchanges’ Equinix FR2 facility must either replace the HF session with a ETI LF session or transfer the session to an installation within Eurex Exchanges’ Equinix FR2 facility by 23 October 2023. 

3.   Details

To provide Trading Participants with maximum flexibility and compatibility in the implementation of the security requirements, Eurex now offers the flexibility to choose between the implementation of payload encryption or password encryption for ETI LF sessions within the Equinix FR2 co-location facility. The following table provides a consolidated overview of the payload and password encryption options for ETI HF and LF sessions, together with the mandatory usage dates in the simulation and production environments.

Session Source Location

Session type

Encryption type

Mandatory change in Simulation

Mandatory change in Production

In Equinix FR2 co-lo facility

ETI (LF)

Payload or Password

24.11.23

11.12.23

In Equinix FR2 co-lo facility

ETI (HF)

Password

24.11.23

11.12.23

In Equinix FR2 co-lo facility

ETI (HF)

Payload

Not supported

Not supported

Remote

ETI (LF)

Payload

04.08.23

23.10.23

Remote

ETI (LF)

Password

Not applicable

Not applicable

Remote

ETI (HF)

Not applicable

Not applicable

23.10.23*

*  The use of HF Sessions in the production environment outside of the Equinix FR2 co-location facility will no longer be available.

To support participants with the implementation of password encryption, Eurex has provided an example python script “STEP (Sample Tool for ETI Password Encryption) download” which provides a sample implementation of the ETI password encryption on the client side. The script can be downloaded from the Eurex website under the following link:

Support > Initiatives & Releases > T7 Release 11.1 > Trading Interfaces.


Further information

Recipients:

All Trading Participants of Eurex Deutschland and Vendors

Target groups:

Front Office/Trading, IT/System Administration

Related circulars:

Eurex Circular 005/23, 085/22

Contact:

Technical Key Account Manager via your VIP number or cts@deutsche-boerse.com

Web:

Support > Initiatives & Releases > Readiness for projects > Mandatory Interface Encryption 

Authorized by:

Wolfgang Eholzer


Market Status

XEUR

The market status window is an indication regarding the current technical availability of the trading system. It indicates whether news board messages regarding current technical issues of the trading system have been published or will be published shortly.

Please find further information about incident handling in the Emergency Playbook published on the Eurex webpage under Support --> Emergencies and safeguards. Detailed information about incident communication, market re-opening procedures and best practices for order and trade reconciliation can be found in the chapters 4.2, 4.3 and 4.5, respectively. Concrete information for the respective incident will be published during the incident via newsboard message. 

We strongly recommend not to take any decisions based on the indications in the market status window but to always check the production news board for comprehensive information on an incident.

An instant update of the Market Status requires an enabled up-to date Java™ version within the browser.