System.Security.Cryptography.CryptographicException: FIPS-certified c_NMB implementation is not available. When FIPS mode is enabled

0
Negotiation Failed KeyExchange Failed I am using UltimateSftp.v6.8.4155 and .NET 4.7.1. If FIPS mode is off, everything works fine, however when we enable FIPS mode on the server we get the following error. Sftp: 1, Thread Id: 0 [06/11/2018 15:46:50.84] Information - Info: Connecting to rkvwnapptd109.devlab.dev:22 - Sftp v6.8.40.4155 (Production version). [06/11/2018 15:46:50.87] Verbose - Ssh: Sending data: 53 53 48 2D 32 2E 30 2D 43 6F 6D 70 6F 6E 65 6E 74 50 72 6F 53 53 48 5F 36 2E 38 2E 34 30 2E 34 31 35 35 0D 0A [06/11/2018 15:46:50.96] Verbose - Ssh: Received data: 53 53 48 2D 32 2E 30 2D 4F 70 65 6E 53 53 48 5F 36 2E 38 0D 0A [06/11/2018 15:46:50.96] Debug - Ssh: Server is 'SSH-2.0-OpenSSH_6.8'. [06/11/2018 15:46:50.97] Information - Ssh: Negotiation started. [06/11/2018 15:46:50.98] Verbose - Ssh: Sending packet SSH_MSG_KEXINIT (336 bytes). 14 E3 5E B3 07 4D 10 AC 43 6B DD 4B 6D B2 28 62 00 00 00 00 24 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 00 00 00 1E 73 73 68 2D 72 73 61 2D 73 68 61 32 35 36 40 73 73 68 2E 63 6F 6D 2C 73 73 68 2D 72 73 61 00 00 00 29 61 65 73 32 35 36 2D 63 62 63 2C 61 65 73 31 39 32 2D 63 62 63 2C 61 65 73 31 32 38 2D 63 62 63 2C 33 64 65 73 2D 63 62 63 00 00 00 29 61 65 73 32 35 36 2D 63 62 63 2C 61 65 73 31 39 32 2D 63 62 63 2C 61 65 73 31 32 38 2D 63 62 63 2C 33 64 65 73 2D 63 62 63 00 00 00 25 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 25 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 1A 6E 6F 6E 65 2C 7A 6C 69 62 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 1A 6E 6F 6E 65 2C 7A 6C 69 62 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 [06/11/2018 15:46:51.00] Verbose - Ssh: Received packet SSH_MSG_KEXINIT (743 bytes). 14 3B B5 98 BB 32 BF 19 F0 53 71 3C D7 21 8B 1C A3 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D 73 68 61 32 35 36 40 6C 69 62 73 73 68 2E 6F 72 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 70 32 35 36 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 70 35 32 31 2C 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 2F 73 73 68 2D 72 73 61 2C 73 73 68 2D 64 73 73 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74 70 32 35 36 2C 73 73 68 2D 65 64 32 35 35 31 39 00 00 00 08 33 64 65 73 2D 63 62 63 00 00 00 08 33 64 65 73 2D 63 62 63 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75 6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00 Exception thrown: 'System.Security.Cryptography.CryptographicException' in ComponentPro.Network.dll [06/11/2018 15:46:51.05] Error - Ssh: Negotiation failed. FIPS-certified c_NMB implementation is not available. The thread 0x3cd8 has exited with code 0 (0x0). Exception thrown: 'ComponentPro.Net.SecureShellException' in ComponentPro.Network.dll Sftp: 1, Thread Id: 0 [06/11/2018 15:46:51.08] Error - Info: ComponentPro.Net.SecureShellException: Negotiation failed. ---> System.Security.Cryptography.CryptographicException: FIPS-certified c_NMB implementation is not available. at c_HMB.c_ZMB(c_MMB c_AZA) at c_HMB.c_YMB(c_MMB c_AZA, Boolean c_OLB) at c_HMB.c_DLB(Boolean c_LLB) at c_RWD.c_BXD(c_RWD c_MBE, SecureShellKeyExchangeAlgorithm& c_S4D, SecureShellHostKeyAlgorithm& c_T4D, c_KMB& c_JYB) at ComponentPro.Net.SecureShellConnection.c_YUD(Byte[] c_H4D) --- End of inner exception stack trace --- at ComponentPro.Net.SecureShellConnection.c_YUD(Byte[] c_H4D) at ComponentPro.Net.SecureShellConnection.Negotiate() at ComponentPro.Net.Sftp.c_K4E(String c_ROA, Int32 c_PKD, SecureShellConfig c_LJB, AsyncOperation c_M) Exception thrown: 'ComponentPro.Net.SftpException' in ComponentPro.Sftp.dll I have tried multiple configuration changes based on information found on this site, but nothing seems to be working for me. Included below is the code as I currently have it implemented. SecuritySettings.ForceManagedAes = false; SecuritySettings.FipsAlgorithmsOnly = true; ComponentPro.Diagnostics.XTrace.Default.Level = ComponentPro.Diagnostics.TraceEventType.Verbose; ComponentPro.Diagnostics.XTrace.Default.Listeners.Add(new ComponentPro.Diagnostics.UltimateOutputTraceListener()); _sftp = new Sftp(); _sftp.Config.HostKeyAlgorithms = SecureShellHostKeyAlgorithm.RSA; _sftp.Config.PreferredHostKeyAlgorithm = SecureShellHostKeyAlgorithm.RSA; _sftp.Config.KeyExchangeAlgorithms = SecureShellKeyExchangeAlgorithm.DiffieHellmanGroupExchangeSHA256; _sftp.ReconnectionMaxRetries = 2; // Connect to the server _sftp.Connect(host, port); _sftp.Authenticate(userName, password); It fails on the connect.
 
asked 6/11/2018 7:59:55 PM
add a comment

3 Answers

0
I have just about given up on getting a response or a fix for this issue. I will try one more time before shopping for a new component. Is there any update on the new release or a fix for this issue. thanks
 
answered 7/24/2018 5:43:44 PM
add a comment
0
Any idea when the DDL will become available? Thanks
 
answered 6/19/2018 1:06:29 PM
add a comment
0
We will be sending you a new DLL for testing.
 
answered 6/14/2018 3:06:15 PM
  Any update when the new DLL will be available for testing? mccullin 7/9/2018 5:48:09 PM
add a comment

Your Answer

Not the answer you're looking for? Browse other questions tagged ultimate sftp or ask your own question.