Answer/Solution:
Your Windows environment may be configured to use FIPS encryption that is conflicting with WebInspect.
To correct this you will need to disable the "Local
Security Setting System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing" policy in Windows.
- Go to Start > Control Panel > Administrative tools > Local Security Policy. The Group Policy dialog appears.
- Under the "Local Policies" heading, select "Security Options" and look for the entry, "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."
- If entry this is enabled, disable it.
-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\fipsalgorithmpolicy
ASP.NET 2.0 uses the RijndaelManaged implementation of
the AES algorithm when it processes view state data. The ReindaelManaged
implementation has not been certified by the National Institute of
Standards and Technology (NIST) as compliant with the Federal
Information Processing Standard (FIPS). Therefore, the AES algorithm is
not part of the Windows Platform FIPS validated cryptographic
algorithms.
Thank you so much, I've referred to this document multiple times!!
ReplyDeleteThanks, I eventually permanently resolved the issue by re-installing Win 8 on my PC - I am now able to use both Cisco AnyConnect and connectwise with the default settings of FIPS
ReplyDelete