Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DotNetNuke and FIPS compliance?DotNetNuke and FIPS compliance?
Previous
 
Next
New Post
3/7/2012 1:29 PM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45

We are working on a DNN installation that will reside on a system that enforces FIPS compliance encryption methods only be used.

 

System cryptography: Use FIPS compliant algorithms for encryption, crashing, and signing


FIPS stands for Federal Information Processing Standards 140-1 and 140-2. This setting impacts many if not all features of windows that use cryptography and impose minimum encryption algorithm and key length requirements.

Windows component Impact
TLS/SSL (secure http and other secure sockets layer communication) Restricted to Triple DES encryption algorithm for the TLS traffic encryption, only the Rivest, Shamir, and Adleman (RSA) public key algorithm for the TLS key exchange and authentication, and only the Secure Hashing Algorithm 1 (SHA-1) for the TLS hashing requirement
Encrypting File System (EFS) Triple Data Encryption Standard (DES) encryption algorithm for encrypting file data supported by the NTFS file system
Terminal Services Triple DES encryption algorithm for encrypting terminal services network communication
IPsec Triple DES

The first hurdle of course is that .NET 2/3/3.5 are not natively FIPS compliant in themselves as they do certain aspects using AES however there is a workaround for that.

http://support.microsoft.com/kb/911722

Once that is resolved though I've found DNN calls the MD5 cryptographic libraries on load from the ClientDependency.Core.StringExtensions.GenerateMD5.  Well this is the first place it calls it from at least which breaks the website with a "This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms." message as MD5 is not FIPS validated.

Two questions then.

  1. Is there a way to make DNN FIPS compliant without doing custom work myself?  Non-FIPS methods can not even be instantiated let alone called.
  2. If not are there plans to make DNN FIPS compliant?

Of note Telerik in 2011 Q3 made the RadControls FIPS compliant.

http://www.telerik.com/help/aspnet-aj...
 
New Post
4/12/2012 11:16 AM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45
I found the answer to this question once we finally purchased DNN Pro, it would have been nice to have known this before to help guide us better.

"To resolve this issue please use the professional edition web based caching provider."
 
New Post
4/19/2012 6:58 PM
 
Sabaratnam Selvarajah


Joined: 9/19/2011
Posts: 19
"To resolve this issue please use the professional edition web based caching provider."We have a DNN PE installation but we are not sure how to enable the use of web based caching. Please let us know how to make DNN to use the professional edition web based caching provider. Is it a web.config change or a host/portal setting.
 
New Post
4/19/2012 7:27 PM
 
Leith Tussing


Joined: 2/14/2006
Posts: 45
Log in with your account that has support attached to it and look in the support/KB articles area. There's a document specific to FIPS and DNN.

You may also need to look into FIPS and .NET as .NET does not natively run in FIPS mode either.
 
New Post
4/19/2012 8:05 PM
 
Sabaratnam Selvarajah


Joined: 9/19/2011
Posts: 19
Leith,Thanks a lot for your prompt reply. I will have to talk to the bigwigs about the "support enabled" account details.
 
 Page 1 of 3
123Next 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DotNetNuke and FIPS compliance?DotNetNuke and FIPS compliance?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out