TLS setting

I have a Windows 2003 server where on installing a .NET web application we see the following error:

Error while finalizing the configuration. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

After a quick google i had to disable the following setting for this application to install:

To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.

Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
If entry this is enabled, disable it.

The problem is we need to use TLS with this web application and my understanding is that TLS is a FIPS application. Is this a problem with the .NET application specifically or have i not setup TLS/Certificates up properly?
deepi19Asked:
Who is Participating?
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
I don't think so.  If you read the article, it says that there are specific cryptographic DLLs that you must use.  I am honestly not sure what the relationships are.
0
 
Dave BaldwinFixer of ProblemsCommented:
It's not quite that simple.  FIPS modules must be certified but not all TLS implementations are.  More info on this page and look in particular at the link for  Microsoft FIPS 140 Validated Cryptographic Modules
0
 
deepi19Author Commented:
Thanks Dave. So the term FIPS module - would that apply to code within the .NET application i'm trying to install or is that a configurable change i can make with my TLS or Certificate settings on this Windows 2003 machine?
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
deepi19Author Commented:
Thanks Dave. Assuming then this isnt a setting in IIS or the security certificate itself i'll get onto the developers of the .NET application to confirm if the required cryptographic DLLs were used in development to support FIPS/TLS. Let me know if i'm missing the point your making as i have 0 knowledge of this area.
0
 
Dave BaldwinFixer of ProblemsCommented:
While there may be other issues, you are understanding me correctly.
0
 
deepi19Author Commented:
Thanks Dave, i'll reply back with details once i get information from them on this particular avenue.
0
 
deepi19Author Commented:
HI Dave, I think the dev team will need to handle this as i wasn't able to find anything else, i'll mention the cryptographic dll's you mention in case that's something they didn't use during dev.
0
 
Dave BaldwinFixer of ProblemsCommented:
Ok.  It would be nice to know how this gets fixed.
0
 
deepi19Author Commented:
Sure, will post back when I get the info Dave.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.