Breeze.server and FIPS

[p-kos]

The new policies FIPS makes breeze server stop working

[steveschmitt]

I thought those settings only controlled encryption. Any idea why they make breeze server stop working?

[p-kos]

Microsoft does not allow Encryption used in breeze server.

[steveschmitt]

Is there some sort of error message, or other information that will help us fix the problem?

[steveschmitt]

Any clue you can give us about how to fix the problem?

[p-kos]

What I did, is downloaded the code, fix in my local and compile it.

[steveschmitt]

Great! What changes did you make to fix it?

I changed my Local Security Policy setting System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing to Enabled. But I still don't get any errors. What else would I need to do to cause the error (so I can tell when it is fixed)?

[lncrowe]

The issue is with using SHA1 to create a string hash, and SHA1 is not FIPS compliant. I saw this problem by making a projection query from the client using a select to only return a single specific field. I needed it in the older AspNet code, so I replaced System.Security.Cryptography.SHA1Managed() with a slightly different algorithm using SHA256.Create(). But I saw that SHA1 is also used in DynamicTypeInfo.cs, which will probably have the same problem.

[steveschmitt]

Aha! Thank you for the insight.

I still don't know how to reproduce the error, but I found the spot in DynamicTypeInfo.CalcStringHash() that uses SHA1, so I can change it there.