steveschmitt
commented
2 years ago I thought those settings only controlled encryption. Any idea why they make breeze server stop working?
Open p-kos opened 2 years ago
steveschmitt
commented
2 years ago I thought those settings only controlled encryption. Any idea why they make breeze server stop working?
p-kos
commented
2 years ago Microsoft does not allow Encryption used in breeze server.
steveschmitt
commented
2 years ago Is there some sort of error message, or other information that will help us fix the problem?
steveschmitt
commented
1 year ago Any clue you can give us about how to fix the problem?
p-kos
commented
1 year ago What I did, is downloaded the code, fix in my local and compile it.
steveschmitt
commented
1 year ago Great! What changes did you make to fix it?
I changed my Local Security Policy setting System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing to Enabled. But I still don't get any errors. What else would I need to do to cause the error (so I can tell when it is fixed)?
lncrowe
commented
3 months ago The issue is with using SHA1 to create a string hash, and SHA1 is not FIPS compliant. I saw this problem by making a projection query from the client using a select to only return a single specific field. I needed it in the older AspNet code, so I replaced System.Security.Cryptography.SHA1Managed() with a slightly different algorithm using SHA256.Create(). But I saw that SHA1 is also used in DynamicTypeInfo.cs, which will probably have the same problem.
steveschmitt
commented
3 months ago Aha! Thank you for the insight.
I still don't know how to reproduce the error, but I found the spot in DynamicTypeInfo.CalcStringHash() that uses SHA1, so I can change it there.
The new policies FIPS makes breeze server stop working