FIPS policy blocks access to RDS-Postgres on AWS

Question

I am facing an access problem when I connect to a postgres database instance on AWS/RDS. The connection is made using the library NPGSQL. Debbugging and logging, I found that the problem occurs during theauthentication. The configuration of PG_HBA made behind the curtain by RDS is set to have the password MD5 encrypted. But MD5 is not a FIPS compliant algorithm and I get the exception.

I cannot bypass FIPS compliancy because of a company domain rule. If i try to set the flag Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy in the windows registry to 0, it is set back to 1 after a while because of this policy.

Is there a way to change the encryption method for the connection password in RDP/Postgres?

Is there a way to overcome this problem some other way, for example editing the web.config file of the application?

Thank you.

score 0 · Answer 1 · answered Apr 24 '18 at 12:32

I have solved bypassing the FIPS compliancy by adding the following settings in the file machine.config of the .net platform:

<configuration>
    <runtime>
        <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>

I have been inspired here for the solution: https://blogs.msdn.microsoft.com/shawnfa/2008/03/14/disabling-the-fips-algorithm-check/

FIPS policy blocks access to RDS-Postgres on AWS

1 Answers1