Relevant Products: Signature Manager Exchange Edition
Scenario
You are using Exclaimer Signature Manager Exchange Edition or Exclaimer Mail Disclaimers.
You have enabled the Federal Information Processing Standard (FIPS) and you notice that no signatures are appended to messages and you receive an error similar to this in the Exclaimer console:
ERROR: \System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5CryptoServiceProvider..ctor() at Exclaimer.Common.XmlSerializationFactory.GenerateSerializerKey(Type type, Type[] extraTypes, Boolean includeAssemblyTimeStamps) at Exclaimer.Common.XmlSerializationFactory.FindCachedSerializer(Type type, XmlAttributeOverrides overrides, Type[] extraTypes, XmlRootAttribute root, String defaultNamespace) at Exclaimer.PolicyProcessingEngine.ExclaimerDeclaration.Create(Stream stream) at Exclaimer.PolicyProcessingEngine.ExclaimerDeclaration.Create() at Exclaimer.Console.Host.Engine.ConsoleHostApplication.GetProductAdaptor() at Exclaimer.Console.Host.Engine.ConsoleHostApplication.CreateSplashForm() at Exclaimer.Common.UI.SplashManager.#e.#CRg.#JRg(Func`1 creator, Int32 timeout) at Exclaimer.Common.UI.SplashManager.#e.#CRg.#e.#XXm.#pab() at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()
Reason
Microsoft no longer recommends the use of the Federal Information Processing Standard (FIPS) mode.
One of the major reasons is:
FIPS defines cryptographic algorithms approved for use by U.S. Federal government computer systems. If you enable FIPS mode in Windows, this means that only FIPS-validated cryptographic algorithms will be used.
However, the .NET framework (used by most Microsoft applications, including Exclaimer Signature Manager Exchange Edition and Exclaimer Mail Disclaimers) supplies both FIPS and non-FIPS versions of the same cryptographic algorithms.
If FIPS mode is enabled, the non-FIPS algorithms throw an error and the application fails - this is what’s happening in this scenario.
(Non-FIPS versions are available and are used more widely; typically, they are faster).
Resolution
As a Microsoft Gold Partner, Exclaimer always advises the best practices and recommendations of Microsoft: therefore, we advise against the use of FIPS.
