MSMQ and Federal Information Processing Standard (FIPS)
The United States Government has a couple of standards that provide a benchmark for implementing cryptographic software.
These are:
To enable FIPS compliant algorithms in Windows 2003:
- In Control Panel, double-click Administrative Tools.
- In Administrative Tools, double-click Local Security Policy.
- In Local Security Policy, expand Local Policies, expand Security Options, and then double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing.
- In the System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing Properties dialog box, click the Local Security Setting tab.
- On the Local Security Setting tab, click Enabled, and then click OK.
- Close Local Security Policy.
If you enable these algorithms, however, you cannot send messages by using MSMQ over HTTPS. This is because, by default, a Secure Sockets Layer (SSL) 3.0 connection is established, and SSL 3.0 is not FIPS compliant.
Back in April, a hotfix was produced to get around this, as discussed in:
FIX: You cannot use Microsoft Message Queuing 3.0 to send messages over HTTPS if Federal Information Processing Standard (FIPS) is enabled in Windows Server 2003
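To confirm that the Local Security Policy steps above took effect on a given server, the setting can be read back from the registry. The script below is an added example, not part of the original post or of any Microsoft tooling; the function name Get-FipsPolicyState is hypothetical, and it assumes Windows PowerShell 2.0 or later running on the .NET Framework.

```powershell
# Added example: read back the "System cryptography: Use FIPS compliant
# algorithms for encryption, hashing and signing" policy.
# Get-FipsPolicyState is a hypothetical helper name.
function Get-FipsPolicyState {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # Windows Server 2003 / XP store the policy as a DWORD value under Lsa.
    $legacy = Get-ItemProperty -Path $lsa -Name 'FIPSAlgorithmPolicy' `
                  -ErrorAction SilentlyContinue
    # Windows Vista and later store it as Lsa\FIPSAlgorithmPolicy\Enabled.
    $modern = Get-ItemProperty -Path "$lsa\FIPSAlgorithmPolicy" -Name 'Enabled' `
                  -ErrorAction SilentlyContinue

    $legacyValue = $null
    $modernValue = $null
    if ($legacy) { $legacyValue = $legacy.FIPSAlgorithmPolicy }
    if ($modern) { $modernValue = $modern.Enabled }

    # Functional check (assumption: .NET Framework). A non-validated
    # algorithm class such as MD5CryptoServiceProvider refuses to
    # instantiate when the policy is being enforced for this process.
    $md5Blocked = $false
    try {
        $md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider
        $md5.Clear()
    } catch {
        $md5Blocked = $true
    }

    New-Object PSObject -Property @{
        LegacyRegistryValue = $legacyValue   # $null when the value is absent
        SubkeyEnabledValue  = $modernValue   # $null when the subkey is absent
        PolicyConfigured    = ($legacyValue -eq 1) -or ($modernValue -eq 1)
        Md5BlockedInProcess = $md5Blocked
    }
}

Get-FipsPolicyState | Format-List
```

If PolicyConfigured is True but Md5BlockedInProcess is False, the PowerShell session was probably started before the policy changed; open a new session and run the check again.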