Trading members kindly note that the exchange plan to implement encryption on the ETI (Interactive) channel of communication with exchange trading engine. In this implementation, all the messages exchanged between member application and trading engine will require to be encrypted by the sender and decrypted by the receiver. The encryption algorithm to be used is AES 256.
Members also note that the exchange has already issued communication to all vendors and in-house developers regarding the implementation of encryption on ETI protocol. The exchange has already published the ETI API changes and the communication parameters.
Further, the test (simulation) market for the same is already available from 28th March onwards. The encrypted and non-encrypted channel are available in parallel since then.
The discontinuation date of non-encryption channel in simulation was 13th May 2024 which is now extended till June 8, 2024. All existing applications working on non-encryption channel will not be able to connect to simulation post June 8, 2024. Thus, all member applications are requested to complete the development of encryption before the discontinuation date.
Also as communicated earlier on the production go-live strategy, the go-live will be done in parallel i.e. the encryption channel and non-encryption channel will be supported simultaneously and member applications which are ready for encryption channel should migrate their applications to encrypted channel as and when they are ready.
Members can migrate their applications in phases with only few Session IDs connecting to encryption channel IP ports first and then gradually move all Session IDs to encryption channel. Please note that that at a time a particular session ID will be able to login either on encryption or non-encryption channel only.
The member should inform exchange in advance about the IDs they wish to migrate on encrypted channel. The advance intimation should be sent to user.trdops@bseindia.com at least one day prior to migration of their Session ID not later than 5 PM.
The encryption channel in production for all segments will be made available from 8th June 2024 onwards. The segment wise IP ports for encryption channel in production are as under.
Segment
|
Process
|
IP address
|
Port
|
Equity
|
Connection Gateway
|
10.255.255.7
|
18909
|
Low Frequency Gateways (LF)
|
Gateway 1
|
10.255.255.53
|
18906
|
Gateway 2
|
10.255.255.53
|
18907
|
High Frequency Gateways (HF)
|
Gateway 1
|
10.255.255.54
|
18906
|
Gateway 2
|
10.255.255.54
|
18907
|
Colo High Frequency Gateways (HF)
|
Gateway 1
|
10.255.253.10
|
18906
|
Gateway 2
|
10.255.253.10
|
18907
|
Gateway 3
|
10.255.253.11
|
18906
|
Gateway 4
|
10.255.253.11
|
18907
|
|
|
|
|
Equity Derivatives
|
Connection Gateway
|
10.255.255.47
|
15910
|
Low Frequency Gateways (LF)
|
Gateway 1
|
10.255.255.51
|
15906
|
Gateway 2
|
10.255.255.51
|
15907
|
High Frequency Gateways (HF)
|
Gateway 1
|
10.255.255.52
|
15906
|
Gateway 2
|
10.255.255.52
|
15907
|
Colo High Frequency Gateways (HF)
|
Gateway 1
|
10.255.253.8
|
15906
|
Gateway 2
|
10.255.253.8
|
15907
|
Gateway 3
|
10.255.253.9
|
15906
|
Gateway 4
|
10.255.253.9
|
15907
|
|
|
|
|
Currency Derivatives
|
Connection Gateway
|
10.255.255.13
|
13910
|
Low Frequency Gateways (LF)
|
Gateway 1
|
10.255.255.55
|
13906
|
Gateway 2
|
10.255.255.12
|
13911
|
High Frequency Gateways (HF)
|
Gateway 1
|
10.255.255.55
|
13907
|
Gateway 2
|
10.255.255.12
|
13912
|
|
|
|
|
Commodities Derivatives
|
Connection Gateway
|
10.255.255.12
|
14910
|
Low Frequency Gateways (LF)
|
Gateway 1
|
10.255.255.55
|
14906
|
Gateway 2
|
10.255.255.13
|
14911
|
High Frequency Gateways (HF)
|
Gateway 1
|
10.255.255.55
|
14907
|
Gateway 2
|
10.255.255.13
|
14912
|
As per the login process, the member application should make the connection request to the Connection Gateway mentioned above and the exchange will provide the Gateway 1 and Gateway 2 IP and port in the connection gateway response. The IP and ports mentioned above should be allowed in member network if required.
Please note that the IP and ports for encryption channel mentioned above are applicable while the encryption and non-encryption channel are running in parallel. Gradually all the IP and ports of non-encryption channel gateway which are published in BOLT PLUS configuration manual would also be migrated to encrypted channel mode and no gateway on non-encrypted channel will be supported. The non-encrypted channel will be discontinued in production from 6th July 2024 onwards.
The TLS certificate (CA Certificate) to be used in production is made available on the url: www.bseindia.com/nta.aspx . The certificate is common for all segments.
Further, based on queries raised by different developers on encryption, we have compiled and attached the FAQ for your reference so that the team involved in development can get sufficient clarity on the subject and ease their development process.
Kindly note that the changes related to encryption are technical changes and thus re-certification or approvals are not required to be sought from exchange for these changes.
In case of any queries or clarification, kindly send the mail to bse.tech@bseindia.com.
For & On Behalf of BSE Ltd,
Arvindkumar Iyengar
|
Ketan Jantre
|
Chief General Manager-IT Development
|
Head-Trading operations
|
|