Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

TLS setting

Posted on 2015-01-06
9
Medium Priority
?
129 Views
Last Modified: 2015-01-18
I have a Windows 2003 server where on installing a .NET web application we see the following error:

Error while finalizing the configuration. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

After a quick google i had to disable the following setting for this application to install:

To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.

Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
If entry this is enabled, disable it.

The problem is we need to use TLS with this web application and my understanding is that TLS is a FIPS application. Is this a problem with the .NET application specifically or have i not setup TLS/Certificates up properly?
0
Comment
Question by:deepi19
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40533107
It's not quite that simple.  FIPS modules must be certified but not all TLS implementations are.  More info on this page and look in particular at the link for  Microsoft FIPS 140 Validated Cryptographic Modules
0
 

Author Comment

by:deepi19
ID: 40533142
Thanks Dave. So the term FIPS module - would that apply to code within the .NET application i'm trying to install or is that a configurable change i can make with my TLS or Certificate settings on this Windows 2003 machine?
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40533155
I don't think so.  If you read the article, it says that there are specific cryptographic DLLs that you must use.  I am honestly not sure what the relationships are.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:deepi19
ID: 40533160
Thanks Dave. Assuming then this isnt a setting in IIS or the security certificate itself i'll get onto the developers of the .NET application to confirm if the required cryptographic DLLs were used in development to support FIPS/TLS. Let me know if i'm missing the point your making as i have 0 knowledge of this area.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40533199
While there may be other issues, you are understanding me correctly.
0
 

Author Comment

by:deepi19
ID: 40533201
Thanks Dave, i'll reply back with details once i get information from them on this particular avenue.
0
 

Author Comment

by:deepi19
ID: 40556190
HI Dave, I think the dev team will need to handle this as i wasn't able to find anything else, i'll mention the cryptographic dll's you mention in case that's something they didn't use during dev.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40556480
Ok.  It would be nice to know how this gets fixed.
0
 

Author Comment

by:deepi19
ID: 40556502
Sure, will post back when I get the info Dave.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question