Enable FIPS
Describes how to enable FIPS 140 on a server than runs Sitecore
Note
This feature is available for core roles only in Sitecore 8.2, Update 5, and later. The XP service roles, including xConnect, do not support this feature.
f you enable the Use FIPS compliant algorithms for encryption, hashing, and signing security policy option in Windows, you must enable the correct cryptographic classes for Sitecore.
To enable the Sitecore FIPS support:
Go to the
/Website/binfolder of your Sitecore instance.Right-click the
Sitecore.Kernel.dllfile and select Properties.On the Details tab, note the value of the File version property:
Open the
machine.configfile. This file is in different folders on 32- and on 64-bit systems:On a 32-bit system, it is in the
%windir%\Microsoft.NET\Framework\<DotNetVersion>\Config\machine.configfolder.On a 64-bit system, it is in the
%windir%\Microsoft.NET\Framework64\<DotNetVersion>\Config\machine.configfolder.
Add the following node to the file:
<configuration> <!-- Other configuration settings --> <mscorlib> <cryptographySettings> <cryptoNameMapping> <cryptoClasses> <cryptoClass AESPROXY="Sitecore.SecurityModel.Cryptography.AesCryptoServiceProviderProxy, Sitecore.Kernel, Version=XX.X.X.XXXX, Culture=neutral"/> </cryptoClasses> <nameEntry name="Rijndael" class="AESPROXY"/> <nameEntry name="System.Security.Cryptography.Rijndael" class="AESPROXY"/> <nameEntry name="System.Security.Cryptography.RijndaelManaged" class="AESPROXY"/> <nameEntry name="AesManaged" class="AESPROXY"/> <nameEntry name="System.Security.Cryptography.AesManaged" class="AESPROXY"/> </cryptoNameMapping> </cryptographySettings> </mscorlib> </configuration>Use the file version value you noted in step 3 as the value of
Sitecore.Kernel.Version(marked as XX.X.X.XXXX above).Optionally, reset the Internet Information Services.