Solved

TLS setting

Posted on 2015-01-06
9
126 Views
Last Modified: 2015-01-18
I have a Windows 2003 server where on installing a .NET web application we see the following error:

Error while finalizing the configuration. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

After a quick google i had to disable the following setting for this application to install:

To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.

Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
If entry this is enabled, disable it.

The problem is we need to use TLS with this web application and my understanding is that TLS is a FIPS application. Is this a problem with the .NET application specifically or have i not setup TLS/Certificates up properly?
0
Comment
Question by:deepi19
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40533107
It's not quite that simple.  FIPS modules must be certified but not all TLS implementations are.  More info on this page and look in particular at the link for  Microsoft FIPS 140 Validated Cryptographic Modules
0
 

Author Comment

by:deepi19
ID: 40533142
Thanks Dave. So the term FIPS module - would that apply to code within the .NET application i'm trying to install or is that a configurable change i can make with my TLS or Certificate settings on this Windows 2003 machine?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 40533155
I don't think so.  If you read the article, it says that there are specific cryptographic DLLs that you must use.  I am honestly not sure what the relationships are.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:deepi19
ID: 40533160
Thanks Dave. Assuming then this isnt a setting in IIS or the security certificate itself i'll get onto the developers of the .NET application to confirm if the required cryptographic DLLs were used in development to support FIPS/TLS. Let me know if i'm missing the point your making as i have 0 knowledge of this area.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40533199
While there may be other issues, you are understanding me correctly.
0
 

Author Comment

by:deepi19
ID: 40533201
Thanks Dave, i'll reply back with details once i get information from them on this particular avenue.
0
 

Author Comment

by:deepi19
ID: 40556190
HI Dave, I think the dev team will need to handle this as i wasn't able to find anything else, i'll mention the cryptographic dll's you mention in case that's something they didn't use during dev.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 40556480
Ok.  It would be nice to know how this gets fixed.
0
 

Author Comment

by:deepi19
ID: 40556502
Sure, will post back when I get the info Dave.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question