1. Introduction

The introduction of a TLS connectivity option (payload encryption) for ETI Low Frequency (LF) sessions, was originally implemented with T7 Release 11.0. In Xetra Circular 002/23, Deutsche Börse announced that the use of the ETI LF payload encryption will be mandatory in the simulation environment on 4 August 2023 and in the production environment on 23 October 2023. Deutsche Börse has also previously announced that payload encryption will apply to all ETI LF sessions located both inside and outside of the Equinix FR2 co-location facility.

Password encryption (by Deutsche Börse’s public RSA key) was initially announced for ETI High Frequency (ETI HF) sessions. Password encryption for ETI HF sessions was previously available in the simulation environment and implemented in the production environment with T7 Release 11.1, on 22 May 2023. Password encryption is implemented by using session- and user-login specific message templates.

Mandatory password encryption for ETI LF sessions in the Equinix FR2 co-location facility

Based on discussions with Trading Participants and to provide the maximum level of flexibility and compatibility with the implementation of the security requirements, Deutsche Börse now offers Trading Participants the flexibility to choose between the implementation of payload encryption or password encryption for ETI LF sessions within the Equinix FR2 co-location facility. Password encryption for ETI LF sessions in the simulation and the production environment can be used with immediate effect.

Support for TLS 1.3 and TLS 1.2

Deutsche Börse now supports TLS 1.3 in parallel to TLS 1.2. TLS version 1.3 can be used in the simulation and production environment with immediate effect. An updated version of the Network Access Guide containing the information on the supported cipher suites is available on the Xetra website (www.xetra.com) under the following link:

 Technology > Trading Architecture > System documentation > Release 11.1 > Network Access.

More information about the mandatory interface encryption is available on the Xetra website (www.xetra.com) under the following link:

Technology > Trading Architecture > Mandatory Interface Encryption.

An updated FAQ document with answers to the most frequently asked questions has also been published.

2. Required action

Trading Participants should be aware that support for ETI LF sessions without payload or password encryption will be withdrawn on 4 August 2023 in the simulation environment and on 23 October 2023 in the production environment. ETI LF sessions outside the Equinix FR2 co-location facility must use the ETI LF payload encryption connectivity option. ETI LF sessions within the Equinix FR2 co-location facility, will require either payload encryption or ETI password encryption. 

• If not already done, existing applications must now be adapted to use the ETI LF payload encryption connectivity option or ETI password encryption (ETI LF sessions in Equinix FR2 co-location facility only).

Please Note: For participants with ETI LF sessions configured for use in split locations (i.e.) a connection both within the co-location facility and from a remote location, the use of payload encryption is mandatory.

Trading Participants with ETI HF sessions in the Equinix FR2 co-location facility should also be aware that applications need to be adapted to use login message templates with encrypted passwords. This can be done in the simulation and production environments from now on. Password encryption for ETI HF and non-payload encrypted ETI LF sessions in the Equinix FR2 co-location facility will be mandatory from 24 November 2023 in the simulation environment and from 11 December 2023 in the production environment shortly after the launch of T7 Release 12.0 which is currently scheduled for 20 November 2023.

• Trading Participants using ETI HF sessions from a location outside of Deutsche Börses’ Equinix FR2 facility must either replace the HF session with a ETI LF session or transfer the session to an installation within Deutsche Börses’ Equinix FR2 facility by 23 October 2023. 

3. Details

To provide Trading Participants with maximum flexibility and compatibility in the implementation of the security requirements, Deutsche Börse now offers the flexibility to choose between the implementation of payload encryption or password encryption for ETI LF sessions within the Equinix FR2 co-location facility. The following table provides a consolidated overview of the payload encryption and password encryption options for ETI HF and LF sessions, together with the mandatory usage dates in the simulation and production environments.

* - The use of HF Sessions in the production environment outside of the Equinix FR2 co-location facility will no longer be available.

To support participants with the implementation of password encryption, Deutsche Börse has provided an example python script “STEP (Sample Tool ETI Password Encryption) download” which provides a sample implementation of the ETI password encryption on the client side. The script can be downloaded from the Eurex website www.eurex.com under the following link:

Support > Initiatives & Releases > T7 Release 11.1 > Trading Interfaces.

Further information