FIPS error encountered when using CrossTalk

This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.

This error will occur with most .NET applications including CrossTalk if the host computer has been configured to require cryptographic algorithms to be FIPS compliant. This is not limited to CrossTalk in any manner – in fact this affects many Microsoft products including VSTO, ASP.NET, SQL Server, and more.

For example, MD5 is not FIPS compliant but .NET uses it for object hashes, streaming of generic classes and more. These are not security related issues, but unfortunately, they trigger a FIPS conflict.

To solve this, instruct .NET to ignore the FIPS requirement for your application. To do this, create a .NET application config file and add an enforceFIPSPolicy entry inside the <runtime> section of <configuration>:

   <enforceFIPSPolicy enabled="false"/> 

This entry must go in a file that is in the same location as your EXE file and has a .config extension. For example, if your EXE is myapp.exe, the .NET application config file would be myapp.exe.config.

This setting is per EXE though and must be set for any EXE which uses CrossTalk. This includes:

  • yourapp.exe.config
  • bds.exe.config
  • CTClassGen (all variants).exe.config

Once this entry is in place for each EXE, the FIPS error will no longer appear.
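
One way to script the steps above, as an added example that is not part of the original article or the CrossTalk tooling. The function name and the sample path are hypothetical; the script keeps any settings already in the config file and reports the machine's FIPS policy state so each exemption can be recorded.

```powershell
# Added example: function name and sample path are hypothetical.
function Disable-FipsEnforcementForExe {
    param([Parameter(Mandatory)][string]$ExePath)

    # Resolve to a full path; XmlDocument.Save does not follow the PowerShell location.
    $ExePath    = (Resolve-Path -LiteralPath $ExePath).ProviderPath
    $configPath = "$ExePath.config"            # myapp.exe -> myapp.exe.config

    $doc = New-Object System.Xml.XmlDocument
    if (Test-Path -LiteralPath $configPath) {
        $doc.Load($configPath)                 # keep settings that are already there
    } else {
        $doc.LoadXml('<?xml version="1.0" encoding="utf-8"?><configuration/>')
    }

    $root = $doc.DocumentElement
    if ($root.LocalName -ne 'configuration' -or $root.NamespaceURI) {
        throw "$configPath does not have a plain <configuration> root; edit it by hand."
    }

    # enforceFIPSPolicy is read from <configuration><runtime>
    $runtime = $root.SelectSingleNode('runtime')
    if ($null -eq $runtime) {
        $runtime = $root.AppendChild($doc.CreateElement('runtime'))
    }
    $policy = $runtime.SelectSingleNode('enforceFIPSPolicy')
    if ($null -eq $policy) {
        $policy = $runtime.AppendChild($doc.CreateElement('enforceFIPSPolicy'))
    }
    $policy.SetAttribute('enabled', 'false')
    $doc.Save($configPath)

    # Machine-wide FIPS switch, reported so the exemption can be documented.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $fips = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled

    [pscustomobject]@{
        ConfigPath         = $configPath
        EnforceFipsPolicy  = $policy.GetAttribute('enabled')
        MachineFipsEnabled = ($fips -eq 1)
    }
}

# Run once per EXE that uses CrossTalk, for example:
# Disable-FipsEnforcementForExe -ExePath 'C:\path\to\myapp.exe'
```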

Additional Info

While some government and other users may have a mandate to enable FIPS, most users should not use FIPS unless they need to.