-
-
Notifications
You must be signed in to change notification settings - Fork 347
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Win10] This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. #1497
Comments
I think I figured out my issue. The issue is that I'm running the computer in a domain. A bit more specific, I have HKLM\SYSTEM\CurrentControlSet\Control\LSA\FipsAlgorithmPolicy\Enabled set to 1. The workaround is to set that key to 0. However, in my case (and anyone running on a domain), this is controlled by GPO and will be ineffective (next time gpupdate runs, it would set the key back to 1). According to Microsoft, the fix is to add in the runtime section of Visual Studio(if you're using VS) ckan config file. The below link has a bit more detail: |
Thanks for the report! Our build system isn't using VS (it's using mono), but if we can set something to opt our application out of FIPS enforcement that would be great! We're using SHA1 as a quick way to check if we've cached a file, not for Serious Crypto. Marking this as a bug that we'll need to address. (Although writing a test for our test suite may be a little challenging!) |
The change they are talking about isn't actually VS-specific, it just happens to fix debugging issues in VS which is why the article linked was written... https://msdn.microsoft.com/en-us/library/hh202806(v=vs.110).aspx They're just talking about your GUI/app.config file. |
ok, so I can repro this by using the group policy editor to enable this security option: GPO docs I am on Windows 10 x64. Exception
the PR fixes that unhandled exception but causes a new one later on because we are using a SHA1Cng is based on native code, which would ordinarily be a problem for cross-platform support, but mono stubs out a SHA1Cng for us which is a wrapper around SHA1Managed. Even though that kinda violates the FIPS standard, there is no "Group Policy Object" to enable the FIPS mode in the first place, so I think this fix will work on all platforms, though of course it needs testing. The test is simple enough - do we get to the main dialog with no exception or error dialog? There is also a test for the SHA algorithm itself. |
I received this error message after trying to run CKAN on windows 10 Pro x64. KSP (32 bit) itself works, I have .net 4.5 installed.
Below is the details in the debug window:
The text was updated successfully, but these errors were encountered: