17th February 2023

Gateway device of UBS FX FIX API connection in Production environment will undergo a firmware upgrade


Gateway device of UBS FX FIX API connection in Production environment will undergo a firmware upgrade.

In addition to the implementation of some bug-fixes, this firmware upgrade will fix a security vulnerability in SSL/TLS handshake. 


Change Overview from Bloomberg


Below is the latest communication from the UBS

------------------------------------------------

Dear Client,  

Thank you very much for your connections with UBS via FX FIX API. 

Please be informed that the gateway device of UBS FX FIX API connection in Production environment will undergo a firmware upgrade around mid-February 2023. 

In addition to the implementation of some bug-fixes, this firmware upgrade will fix a security vulnerability in SSL/TLS handshake.   

As your FIX engine connects to UBS via SSL protocol, we recommend that you test your FIX login function in UAT environment where the upgrade of our gateway device firmware has already completed.


Recommended test period 

From now (Dec 15 2022) till February 17 2023  


What is required to be tested? 

Please test your FIX login via SSL certificate in UAT environment to ensure that your SSL session can be established. 

 UBS UAT access information 

1. London data center 

IP: 155.145.206.111, Port: 2443 

 2. Tokyo data center  

IP :  138.206.150.195, Port: 2443  

Alias : fxfixptetky10.ibb.ubstest.com  Port 2443 


Please also note the following 

(a) If your UAT environment is using 'btobx*fssXXXX' certificate and connects to "*151.236.219.108: 2500", please reach out to us. This testing environment is not able to test the new firmware due to different type of hardware device.  

(b) If you are certain that your FX FIX API connections with UBS are all running on NON-SSL connections in Production, you may disregard this notification. 


Should you have any further questions, please feel free to reach to us.  


Specification Document

Latest specification from UBS is version 1.47 B2B_FIX_Rules_of_Engagement_1_47.pdf

https://confluence.marketfactory.com/download/attachments/11568444/B2B_FIX_Rules_of_Engagement_1_47.pdf?api=v2


MarketFactory Analysis


API upgrade:


UBS has provided a latest API spec version 1.47 as attached above. There is no specific mandatory API changes for users in relation to this upgrade.

Firmware upgrade : 

No impact for versions using OpenSSL  below version 3.0

If using Open SSL Version3.0  & above, the following Option will be need to be added to the OpenSSL Config. 

Options = UnsafeLagacyRenegotiation


Impact to MarketFactory


MarketFactory will be updating the OpenSSL config with the setting Options = UnsafeLagacyRenegotiation on all servers.