Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The issue with FIPS: security error on license check #1033

Closed
confessor-adguard opened this issue Apr 11, 2016 · 8 comments

Comments

@confessor-adguard
Copy link

commented Apr 11, 2016

https://files.slack.com/files-pri/T0B41S97U-F0ZJX5JGN/2016-04-11_16-09-22.png

This implementation is not part of windows platform FIPS validated cryptograpic algorithms

@confessor-adguard

This comment has been minimized.

Copy link
Author

commented Apr 11, 2016

This problem occurs because the rijndael algorithm is not FIPS compliant.

To fix problem with group policy editor:

1. Start the Group Policy Object Editor tool (gpedit.msc).
2. In the console tree, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then select Security Options.
3. In the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.
4. In the dialog box that opens, select Disabled and click OK.
5. Restart the computer.

To fix problem with regedit:

a. Click Start, type regedit in the start search box and hit enter.
b. In the registry editor navigate to
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
c. This registry value reflects the current FIPS setting. If this setting is enabled, the value is 1. If this setting is disabled, the value is 0.
d. To disable it double click on the file and select 0.
e. Restart the computer and check.
@confessor-adguard confessor-adguard removed this from the 6.0 R2 milestone Apr 11, 2016
@confessor-adguard

This comment has been minimized.

Copy link
Author

commented Apr 11, 2016

Исправление ошибки с помощью regedit:

1. Запустить "gpedit.msc".
2. Открыть ветку "Конфигурация компьютера"->"Конфигурация Windows"->"Параметры безопасности"->"Локальные политики"->"Параметры безопасности".
3. Поменять значение параметра "Системная криптография: использовать FIPS-совместимые алгоритмы для шифрования, хэширования и подписывания" с "Включен" на "Отключен.
4. Перезагрузить компьютер.
@war59312

This comment has been minimized.

Copy link

commented Apr 11, 2016

Confessor, you should label yourself as Adguad Member.

See: #1006 (comment)

@confessor-adguard

This comment has been minimized.

Copy link
Author

commented Apr 11, 2016

Sure, why not :)

@war59312

This comment has been minimized.

Copy link

commented Apr 11, 2016

Thanks, much easier to follow you now. ;)

@ameshkov ameshkov changed the title Security error on license check The issue with FIPS: security error on license check Nov 30, 2017
@ameshkov ameshkov added bug P3: Medium and removed service labels Nov 30, 2017
@ameshkov ameshkov added this to the 6.3 milestone Nov 30, 2017
@ameshkov

This comment has been minimized.

Copy link
Member

commented Nov 30, 2017

Actually, let's reopen this as it happens from time to time. No idea why would anybody enable it.

To fix this issue, we should switch to the fully managed Rijndael implementation and avoid using winapi.

@ameshkov ameshkov reopened this Nov 30, 2017
@ameshkov

This comment has been minimized.

Copy link
Member

commented Nov 30, 2017

@adbuker

This comment has been minimized.

Copy link

commented Apr 5, 2018

resolved in adguard-windows/pull-requests/63

@zebrum zebrum closed this Apr 18, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.