deepi19

TLS setting

I have a Windows 2003 server where on installing a .NET web application we see the following error:

Error while finalizing the configuration. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

After a quick Google I had to disable the following setting for this application to install:

To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.

Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
If this entry is enabled, disable it.

The problem is we need to use TLS with this web application and my understanding is that TLS is a FIPS application. Is this a problem with the .NET application specifically or have I not set up TLS/Certificates properly?

Dave Baldwin

It's not quite that simple. FIPS modules must be certified but not all TLS implementations are. More info on this page and look in particular at the link for Microsoft FIPS 140 Validated Cryptographic Modules.
deepi19

ASKER

Thanks Dave. So the term FIPS module - would that apply to code within the .NET application I'm trying to install or is that a configurable change I can make with my TLS or Certificate settings on this Windows 2003 machine?

ASKER CERTIFIED SOLUTION
Dave Baldwin

This solution is only available to members.

deepi19

ASKER

Thanks Dave. Assuming then this isn't a setting in IIS or the security certificate itself I'll get onto the developers of the .NET application to confirm if the required cryptographic DLLs were used in development to support FIPS/TLS. Let me know if I'm missing the point you're making as I have 0 knowledge of this area.

While there may be other issues, you are understanding me correctly.

deepi19

ASKER

Thanks Dave, I'll reply back with details once I get information from them on this particular avenue.

deepi19

ASKER

Hi Dave, I think the dev team will need to handle this as I wasn't able to find anything else, I'll mention the cryptographic DLLs you mention in case that's something they didn't use during dev.

Ok. It would be nice to know how this gets fixed.

deepi19

ASKER

Sure, will post back when I get the info Dave.
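
The error quoted in the question is the message that .NET Framework algorithm classes outside the validated set (MD5 and the `*Managed` implementations, for example) raise when the FIPS policy is enabled, so the check below reports the policy state and shows which classes load under it. It is an added example, not code from the thread or from the application; the function names and the list of probed classes are illustrative choices, and it assumes Windows PowerShell 2.0 or later.

```powershell
# Added example: report the FIPS policy state and probe .NET crypto classes.

function Get-FipsPolicyState {
    # Windows Server 2003 / XP keep the policy as a DWORD value named
    # FIPSAlgorithmPolicy on the Lsa key; Vista / Server 2008 and later use a
    # FipsAlgorithmPolicy subkey with an "Enabled" value.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $subkey = Get-ItemProperty -Path "$lsa\FipsAlgorithmPolicy" -ErrorAction SilentlyContinue
    if ($subkey -and $null -ne $subkey.Enabled) { return [bool]$subkey.Enabled }
    $value = Get-ItemProperty -Path $lsa -ErrorAction SilentlyContinue
    if ($value -and $null -ne $value.FIPSAlgorithmPolicy) { return [bool]$value.FIPSAlgorithmPolicy }
    return $false
}

function Test-FipsAlgorithm {
    param([string[]]$TypeName)
    foreach ($name in $TypeName) {
        $status = 'loads'
        $detail = ''
        try {
            $null = New-Object -TypeName $name
        } catch {
            # PowerShell wraps constructor failures; unwrap to the original exception.
            $ex = $_.Exception
            while ($ex.InnerException) { $ex = $ex.InnerException }
            if ($ex -is [System.InvalidOperationException]) {
                $status = 'blocked by FIPS policy'
            } else {
                $status = 'other error'
            }
            $detail = $ex.Message
        }
        New-Object PSObject -Property @{ Type = $name; Status = $status; Detail = $detail }
    }
}

# Illustrative selection: classes outside the validated set, then CAPI-backed wrappers.
$types = @(
    'System.Security.Cryptography.MD5CryptoServiceProvider',
    'System.Security.Cryptography.SHA1Managed',
    'System.Security.Cryptography.SHA256Managed',
    'System.Security.Cryptography.RijndaelManaged',
    'System.Security.Cryptography.SHA1CryptoServiceProvider',
    'System.Security.Cryptography.TripleDESCryptoServiceProvider'
)

"FIPS policy enabled: $(Get-FipsPolicyState)"
Test-FipsAlgorithm -TypeName $types | Format-Table Type, Status, Detail -AutoSize -Wrap
```

With the policy enabled, a class reported as blocked returns the same message as the installer error, which points at the application's choice of algorithm class rather than at the certificate. .NET Framework 4.8 redirects the managed classes to system cryptography by default instead of throwing, so the result depends on the installed Framework version.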