I’ve set up Octopus 3.2.1 but in order to log in I had to disable FIPS mode (https://support.microsoft.com/en-us/kb/811833) because otherwise login to server would fail with “This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.”
Thanks for getting in touch! Octopus 3 should be FIPS compliant. We have been able to confirm this.
So we need to figure out what might be the cause of your instance not allowing FIPS to be enabled.
What we will need to diagnose and replicate are very specific details. If you could answer the following with as much detail as possible
What OS version are you using
1a. What bit version of OS and also Octopus Server
What SQL server version are you using
2a. Is SQL server local or external
Are you using AD or user/pass
3a. if AD did you have to define the container
are you using the Octopus default paths
4a. If not, what did you redefine
Hopefully this will help us figure out which part FIPS is complaining about.
Vanessa
Thanks for the info. I’ve added an issue to investigate what is causing it. I will let you know if we require any further information.
Here is the issue if you want to track it: https://github.com/OctopusDeploy/Issues/issues/2196
Can you send the server logs from when the error is still happening. We were able to very easily reproduce the same error when you reported it, but cannot now with that version.
So we need to know what it is about your environment that’s different from the ones we are using to test, as we used exactly the details you gave us.
We are hoping the stack trace in the logs from seeing this error will help.
We found this was due to our Gravatar usage - it only accepts email addresses in MD5 - so we have disabled it when FIPS is in use.
We made this and other changes, it will be part of our 3.3.1 release.
Please track the issue here: https://github.com/OctopusDeploy/Issues/issues/2376