Solved

TLS setting

Posted on 2015-01-06
9
117 Views
Last Modified: 2015-01-18
I have a Windows 2003 server where on installing a .NET web application we see the following error:

Error while finalizing the configuration. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

After a quick google i had to disable the following setting for this application to install:

To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.

Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
If entry this is enabled, disable it.

The problem is we need to use TLS with this web application and my understanding is that TLS is a FIPS application. Is this a problem with the .NET application specifically or have i not setup TLS/Certificates up properly?
0
Comment
Question by:deepi19
  • 5
  • 4
9 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40533107
It's not quite that simple.  FIPS modules must be certified but not all TLS implementations are.  More info on this page and look in particular at the link for  Microsoft FIPS 140 Validated Cryptographic Modules
0
 

Author Comment

by:deepi19
ID: 40533142
Thanks Dave. So the term FIPS module - would that apply to code within the .NET application i'm trying to install or is that a configurable change i can make with my TLS or Certificate settings on this Windows 2003 machine?
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40533155
I don't think so.  If you read the article, it says that there are specific cryptographic DLLs that you must use.  I am honestly not sure what the relationships are.
0
 

Author Comment

by:deepi19
ID: 40533160
Thanks Dave. Assuming then this isnt a setting in IIS or the security certificate itself i'll get onto the developers of the .NET application to confirm if the required cryptographic DLLs were used in development to support FIPS/TLS. Let me know if i'm missing the point your making as i have 0 knowledge of this area.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40533199
While there may be other issues, you are understanding me correctly.
0
 

Author Comment

by:deepi19
ID: 40533201
Thanks Dave, i'll reply back with details once i get information from them on this particular avenue.
0
 

Author Comment

by:deepi19
ID: 40556190
HI Dave, I think the dev team will need to handle this as i wasn't able to find anything else, i'll mention the cryptographic dll's you mention in case that's something they didn't use during dev.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40556480
Ok.  It would be nice to know how this gets fixed.
0
 

Author Comment

by:deepi19
ID: 40556502
Sure, will post back when I get the info Dave.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now