MOSS and FIPS

I was enjoying a special lunch my wife had made for me. She had been looking into bento boxes, and decided that I should take one to work. She made a sandwich that looked like a dapper suit and tie, and a hard-boiled egg sunrise.

Then I got the call that our client was seeing a new error. I left my special lunch behind and walked over to see what was going on. I found a new and exciting error on every page in SharePoint: default, customized, and admin.
This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.
This was a new one to me. I realize that domain security settings have changed [Security Settings: Local Policies: Security Options: System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing] and clearly a configuration update is in order.

A quick search brings up the following KB article. That seems right, SharePoint requires .NET 3.0 Framework. This hotfix should work. But it didn't. Our dll was already a later version. Hmmm. A few days later a co-worker came to our rescue with the following fix. We add the machineKey to the root-level web.config and define 3DES for validation and decryption. Problem solved, app compliant, delicious lunches enjoyed.
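
The general shape of that change, as an added example (the co-worker's actual file is not shown in the post): a machineKey element under system.web with both algorithms set to 3DES. The key attributes are left out because the post does not say how they were set.

```xml
<!-- Added example: shape of the machineKey change described in the post. -->
<configuration>
  <system.web>
    <!--
      validation="3DES" and decryption="3DES" select Triple DES for the
      view state and forms authentication protection that ASP.NET performs.
      validationKey and decryptionKey are omitted here (assumption: the
      post does not show them), so ASP.NET's defaults apply.
    -->
    <machineKey validation="3DES" decryption="3DES" />
  </system.web>
</configuration>
```

On a farm with more than one web front end, every server needs the same machineKey settings, or view state issued by one server will fail validation on another.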
Additional Reading
Debug settings with FIPS compliance
Details about FIPS compliance in Windows

