Orchard icon indicating copy to clipboard operation
Orchard copied to clipboard

Published 20 hours ago verified publisher icon OrchardCMS

FIPS Compliance Issue

Open njones57 opened this issue 5 years ago • 2 comments

Due to a company policy requiring NIST policy compliance, FIPS has been turned on for most of our machines. When re-building the indexes in Orchard, we are seeing the following error:

image

Are there any updates or configuration settings we could change to fix this?

This is for Orchard v1.10.2

njones57 avatar Apr 29 '19 15:04 njones57

I think it means that you would need to change the MD5CryptoServiceProvider for using something else since FIPS doesn't allow anything else than TLS 1.0 encryption (SHA-1 or SHA-2). An alternative would be to add this configuration section in your web.config file :

<configuration>
    <runtime>
        <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>

Skrypt avatar Apr 30 '19 09:04 Skrypt

The only solution seems to be to build a custom version of Lucene that would not use this provider. See the same issue for DNN and how it was fixed: https://dnntracker.atlassian.net/browse/DNN-4125

I assume you could use your own build, or provide a fix to Lucene.NEt if it's still maintained.

sebastienros avatar May 02 '19 19:05 sebastienros