MOSS and FIPS

I was enjoying a special lunch my wife had made for me. She had been looking into bento boxes, and decided that I should take one to work. She made a sandwich that looked like a dapper suit and tie, and a hard-boiled egg sunrise.

Then I got the call that our client was seeing a new error. I left my special lunch behind and walked over to see what was going on. I found a new and exciting error on every page in SharePoint: default, customized, and admin.

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

This was a new one to me. I realize that domain security settings have changed [Security Settings: Local Policies: Security Options: System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing] and clearly a configuration update is in order.

A quick search brings up the following KB article. That seems right: SharePoint requires .NET 3.0 Framework. This hotfix should work. But it didn’t. Our dll was already a later version. Hmmm. A few days later a co-worker came to our rescue with the following fix. We add the machineKey to the root-level web.config and define 3DES for validation and decryption. Problem solved, app compliant, delicious lunches enjoyed.
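
The machineKey change described above could look like the following. This is an added example, not the fix file from the original post: the post only states that validation and decryption are set to 3DES, so the key attributes and their values here are assumptions.

```xml
<!-- Added example, not from the original post. Fragment of a web.config. -->
<configuration>
  <system.web>
    <!--
      Before (constructed for illustration): a machineKey that does not
      pin 3DES for both operations, for example:

      <machineKey validationKey="AutoGenerate,IsolateApps"
                  decryptionKey="AutoGenerate,IsolateApps"
                  validation="SHA1" />
    -->

    <!--
      After: 3DES is named explicitly for both validation and decryption,
      as the post describes. The key values are assumptions; on a
      multi-server farm every front end needs the same explicit
      validationKey and decryptionKey instead of AutoGenerate.
    -->
    <machineKey validationKey="AutoGenerate,IsolateApps"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="3DES"
                decryption="3DES" />
  </system.web>
</configuration>
```

Changing the machineKey algorithms invalidates view state and forms authentication tickets issued under the old settings, so users may need to reload pages or sign in again after the change.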

Additional Reading

Debug settings with FIPS compliance
Details about FIPS compliance in Windows
