Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DotNetNuke and FIPS compliance?DotNetNuke and FIPS compliance?
Previous
 
Next
New Post
4/23/2012 3:58 PM
 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172

You'd have to supply a full stack trace in order for anyone to know where the specific MD5 hash is being attempted. 

(I assume someone has already pointed this out, but it is a bit contradictory to be working so hard on avoiding weak hashing algorithms while running a known-insecure version of DotNetNuke.  MD5 is the least of your concerns.)

Brandon Haynes
BrandonHaynes.org
 
New Post
4/26/2012 2:08 AM
 
Sabaratnam Selvarajah


Joined: 9/19/2011
Posts: 19
Brandon,The error I get is as follows:-(The the custom module reads in an XML file to build a list of URL's as an asp:DataList (legacy code)).For the time being we have no option but to work with DNN 5.2.2.75 Error: Resources is currently unavailable.DotNetNuke.Services.Exceptions.ModuleLoadException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. ---> System.Web.HttpParseException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5CryptoServiceProvider..ctor() at System.Web.Compilation.AssemblyBuilder.AddChecksumPragma(BuildProvider buildProvider, CodeCompileUnit compileUnit) at System.Web.Compilation.AssemblyBuilder.AddCodeCompileUnit(BuildProvider buildProvider, CodeCompileUnit compileUnit) at System.Web.Compilation.BaseTemplateBuildProvider.GenerateCode(AssemblyBuilder assemblyBuilder) at System.Web.Compilation.AssemblyBuilder.AddBuildProvider(BuildProvider buildProvider) --- End of inner exception stack trace --- at System.Web.Compilation.AssemblyBuilder.AddBuildProvider(BuildProvider buildProvider) at System.Web.Compilation.BuildProvidersCompiler.ProcessBuildProviders() at System.Web.Compilation.BuildProvidersCompiler.PerformBuild() at System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath) at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile) at System.Web.UI.TemplateControl.LoadControl(VirtualPath virtualPath) at System.Web.UI.TemplateControl.LoadControl(String virtualPath) at DotNetNuke.UI.ControlUtilities.LoadControl[T](TemplateControl containerControl, String ControlSrc) at DotNetNuke.UI.Modules.ModuleHost.LoadModuleControl() --- End of inner exception stack trace ---
 
New Post
4/26/2012 11:32 AM
 
Brandon Haynes Haynes


brandonhaynes.org
Joined: 2/6/2006
Posts: 1172

Hi Selva,

Assuming that you are not attempting to utilize .NET's compiler directly (this does not appear to be the case), the code is most likely caused by attempting to dynamically compile a page with debugging information embedded in the result.  Looking at the relevant method -- AssemblyBuilder.AddChecksumPragma -- when the IncludeDebuggingInformation flag is set as a compiler parameter, an MD5 hash is invariantly attempted.  You _must_ disable this flag in order to avoid the FIPS-insecure hash.

I would approach this problem by disabling debugging mode in all the usual places (e.g. web.config).

Hope this gets you started!

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post
4/26/2012 1:06 PM
 
Sabaratnam Selvarajah


Joined: 9/19/2011
Posts: 19
Hi Brandon,My web.config has the following under the "Compilation" tag I have also searched for 'debug' through out the web.config file and found all references to debug are set to "false" as well.However I just noticed that the VS2010 project of this custom module has the following two flags set under the Build Properties:- "Define DEBUG constant" and"Define TRACE constant"I will turn these two flags off prior to rebuilding and testing and will report the results.Once again thanks a lot for your prompt responses.
 
New Post
4/26/2012 1:42 PM
 
Sabaratnam Selvarajah


Joined: 9/19/2011
Posts: 19
Brandon,You are brilliant! Even though our portal web.config had debugging mode disabled we had a web.config file hiding under the module VS project folder which had Debug set to true. When I rebuilt the module after setting that flag to 'false' everything worked fine. We always delete the web.config under the module projects this particular one had gone unnoticed. Now we can breath easy even though the DNN version we are running is not totally OK as far as FIPS is concerned at least we can demonstrate our apps under a FIPS enabled server. We appreciate your help and that of the DNN community very much.
 
 Page 3 of 3
Previous123 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DotNetNuke and FIPS compliance?DotNetNuke and FIPS compliance?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out