FIPS MODE TURNED ON

Question

Hi,

I get the following error when I turn on FIPS mode and try to send email. I want to send email whether or not FIPS mode is turned on. useful Information for you : MD5CryptoServiceProvider is not FIPS Compliant.

Stack Trace: at System.Security.Cryptography.MD5CryptoServiceProvider..ctor() at System.RuntimeMethodHandle._InvokeConstructor(IRuntimeMethodInfo method, Object[] args, SignatureStruct& signature, RuntimeType declaringType) at System.RuntimeMethodHandle.InvokeConstructor(IRuntimeMethodInfo method, Object[] args, SignatureStruct signature, RuntimeType declaringType) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Security.Cryptography.CryptoConfig.CreateFromName(String name, Object[] args) at System.Security.Cryptography.MD5.Create() at Rebex.Security.Cryptography.CryptMD5Cram.ComputeHash(Byte[] data) at Rebex.Net.Smtp.LoginInternal(String userName, String password, SmtpAuthentication method) at Rebex.Net.Smtp.Login(String userName, String password, SmtpAuthentication method)

Please recommend me a solution if there is a solution to get this working if FIPS mode is turned on.

Thank you, Isaac

Answer 1

UPDATE: the fix is part of release 2012 R3.

It looks like the Smtp object is trying to authentication using CRAM-MD5 authentication method even though it should not try this in FIPS mode. We will look into this issue. As a workaround, try calling Smtp object's Login method with either SmtpAuthentication.Plain or SmtpAuthentication.Login as its third argument.

Comments

Hi luke,

Thank you, I will try the work around you have suggested And will let you know if this works for us.

Thank you and do aprreciate your response.

• isaac