Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

FIPS issue with Encryption and possibly Image-Resizer

See original GitHub issue

I’m submitting a …

[x] bug report [x] not sure

…about

[x] admin experience UI [x] APIs like REST [x] other / unknown

Current Behavior / Expected Behavior

Navigate to Apps Management > System tab. The following pop-up is showing:

It appears to be related to the GetSystemInfo API call 2sxc is making for that tab.

Instructions to Reproduce the Problem

This could potentially be an environment/configuration issue with the site, but it appears 2sxc may be using non-FIPS-compliant encryption for the Web API call.

Your environment**

In checking the web.config, we can confirm the following cryptography default provider:

    <cryptography defaultProvider="CoreCryptographyProvider">
      <providers>
        <clear />
        <add name="CoreCryptographyProvider" type="DotNetNuke.Services.Cryptography.CoreCryptographyProvider, DotNetNuke" providerPath="~\Providers\CryptographyProviders\CoreCryptographyProvider\" />
        <add name="FipsCompilanceCryptographyProvider" type="DotNetNuke.Services.Cryptography.FipsCompilanceCryptographyProvider, DotNetNuke" providerPath="~\Providers\CryptographyProviders\FipsCompilanceCryptographyProvider\" />
      </providers>
    </cryptography>

2sxc version(s): 14.12.3
Browser: all
DNN: 9.8.1
Hosting platform: IIS
Language: English

Issue Analytics

State:
Created 8 months ago
Comments:24 (12 by maintainers)

Top GitHub Comments

1reaction

iJungleboycommented, Feb 1, 2023

This is awesome news! Thanks for verifying it!

We’ll try to get the LTS out in 2-3 weeks - just need to finish some quite amazing new features 😉

1reaction

david-poindextercommented, Jan 31, 2023

@iJungleboy I have some GREAT news for you all. We were able to test v15.01.00 on a non-production server and the FIPS errors related to 2sxc specific features have now gone away. We’ll let you know if we run into any related issues, but this is fantastic. Fingers crossed that we’ll be able to get to a v15 LTS sooner rather than later for the client internal review/approval process for production extension use.