1. Introduction  

As previously announced in Xetra Circular 045/22, Deutsche Börse has now implemented mandatory changes for the Xetra and Börse Frankfurt (including Börse Frankfurt Zertifikate) cash markets regarding data transmission via the T7 trading interfaces. These changes have been made to improve the security of information transmitted via communication networks to further reduce the risk of unauthorised interception, manipulation, or misuse.

To support Trading Participants with the implementation of their security requirements, Deutsche Börse now offers additional connectivity options to implement Transport Layer Security (TLS) for sensitive data in critical business areas.

Together with the introduction of T7 Release 10.1 on 27 June 2022, Deutsche Börse introduced an additional TLS connectivity option (payload encryption) for the FIX LF interface. The introduction of a TLS connectivity option for the ETI interface, for Low Frequency (LF) sessions only, was implemented with T7 Release 11.0 on 21 November 2022. 

Besides the additional connectivity options, Password encryption (by Deutsche Börse’s public RSA key) for ETI High Frequency (ETI HF) sessions will also be implemented in T7 Release 11.1, which is currently planned for 22 May 2023. ETI HF will offer session- and user-login message templates for both, encrypted and un-encrypted password transmission.

From 23 October 2023 onwards, the usage of ETI HF production sessions will be restricted to Deutsche Börse’s Equinix FR2 facility (non-public ground). Usage of ETI HF sessions from other locations (connected via networks on public ground) will no longer be possible in the T7 production environment.

More information about the mandatory interface encryption initiative is available on the Xetra website www.xetra.com on our dedicated page and location:

Technology > Mandatory Interface Encryption

A “Frequently Asked Questions (FAQ)” document providing answers to the most common questions will also be published there soon.

2. Required action

Trading Participants should be aware that support for the connectivity option without TLS in the production environment will be withdrawn from 8 May 2023 for FIX LF Sessions and from 23 October 2023 for ETI LF sessions. 

• If not already done, existing applications must now be adapted to use the FIX LF TLS or ETI LF TLS connectivity option.

Trading Participants with ETI HF sessions should also be aware that applications must be adapted to use login message templates with encrypted passwords following the introduction of T7 Release 11.1 on 4 April 2023 in simulation and 22 May 2023 in production. Password encryption for ETI HF will become mandatory from 11 December 2023 in the production environment, shortly after the introduction of T7 Release 12.0 which is currently planned for November 2023.

• Trading Participants using ETI HF sessions from a location outside of Deutsche Börse’s Equinix FR2 facility must either replace the HF session with a ETI LF session or transfer the session to an installation within Deutsche Börse’s Equinix FR2 facility by 23 October 2023. 

3. Details of the Regulation

To support Trading Participants in their adoption of the additional TLS connectivity options, both connectivity options are currently being offered in parallel. TLS encrypted FIX LF and ETI LF connectivity options are available on dedicated TCP/IP ports on the same gateways as the un-encrypted version. In the T7 production environment, usage of the FIX LF TLS connectivity option will become mandatory in from 8 May 2023 and the ETI LF TLS connectivity option will become mandatory in the production environment from 23 October 2023. 

3.1. Production environments

HF sessions are currently available for use not only within Deutsche Börse’s Equinix FR2 facility, but also in other locations connected to Deutsche Börse via networks on public ground. The usage of ETI HF production sessions from locations outside of Deutsche Börse’s Equinix FR2 facility will no longer be possible in the T7 production environment from 23 October 2023 onwards. The ability to order ETI HF production sessions for locations outside of Deutsche Börse’s Equinix FR2 facility in the Member Section will be removed from 21 August 2023.

More information about the FIX LF TLS connectivity option is provided in the Network Access Guide which is available on the Xetra website under the following link:

Technology > System documentation > Release 11.0 > Network Access

3.2.    Simulation and Disaster Recovery environments

The usage of ETI HF sessions from locations outside of Deutsche Börse’s Equinix FR2 facility for the T7 simulation environment will still be possible. HF sessions will also continue to be available in the event of the disaster recovery scenario for production. 

For all environments, once the encrypted communication becomes mandatory, the un-encrypted TCP/IP ports for FIX LF and ETI LF will be shut down and the login message templates (with unencrypted passwords) for ETI HF will no longer be supported.

The T7 market data and reference data interfaces are not affected by the changes.

The following tables provide a consolidated overview of the respective availability, mandatory and decommissioning dates in the simulation and production environments for the respective connectivity options, password encryption und usage on HF sessions from outside of Deutsche Börse’s Equinix FR2 facility: 

Further information