Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

TLS setting

Posted on 2015-01-06
9
Medium Priority
?
130 Views
Last Modified: 2015-01-18
I have a Windows 2003 server where on installing a .NET web application we see the following error:

Error while finalizing the configuration. This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

After a quick google i had to disable the following setting for this application to install:

To correct this you will need to disable the "Local Security Setting System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" policy in Windows.

Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
If entry this is enabled, disable it.

The problem is we need to use TLS with this web application and my understanding is that TLS is a FIPS application. Is this a problem with the .NET application specifically or have i not setup TLS/Certificates up properly?
0
Comment
Question by:deepi19
  • 5
  • 4
9 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40533107
It's not quite that simple.  FIPS modules must be certified but not all TLS implementations are.  More info on this page and look in particular at the link for  Microsoft FIPS 140 Validated Cryptographic Modules
0
 

Author Comment

by:deepi19
ID: 40533142
Thanks Dave. So the term FIPS module - would that apply to code within the .NET application i'm trying to install or is that a configurable change i can make with my TLS or Certificate settings on this Windows 2003 machine?
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1500 total points
ID: 40533155
I don't think so.  If you read the article, it says that there are specific cryptographic DLLs that you must use.  I am honestly not sure what the relationships are.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:deepi19
ID: 40533160
Thanks Dave. Assuming then this isnt a setting in IIS or the security certificate itself i'll get onto the developers of the .NET application to confirm if the required cryptographic DLLs were used in development to support FIPS/TLS. Let me know if i'm missing the point your making as i have 0 knowledge of this area.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40533199
While there may be other issues, you are understanding me correctly.
0
 

Author Comment

by:deepi19
ID: 40533201
Thanks Dave, i'll reply back with details once i get information from them on this particular avenue.
0
 

Author Comment

by:deepi19
ID: 40556190
HI Dave, I think the dev team will need to handle this as i wasn't able to find anything else, i'll mention the cryptographic dll's you mention in case that's something they didn't use during dev.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 40556480
Ok.  It would be nice to know how this gets fixed.
0
 

Author Comment

by:deepi19
ID: 40556502
Sure, will post back when I get the info Dave.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses
Course of the Month13 days, 11 hours left to enroll

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question