Enable FIPS 140-2 Compliance in SQL Server

  • Comments posted to this topic are about the item Enable FIPS 140-2 Compliance in SQL Server

  • "...When you enable FIPS and have an SSRS instance (or instances,) …"

    haha, good one, from SSRS 2016 and higher you can't have more than 1 instance because Microsoft decided to screw us over.

  • peter.row - Monday, June 25, 2018 1:32 AM

    "...When you enable FIPS and have an SSRS instance (or instances,) …"

    haha, good one, from SSRS 2016 and higher you can't have more than 1 instance because Microsoft decided to screw us over.

    I did not know this, thank you for the heads up.  My work is currently on SQL2014, and my home lab I tend to keep at the same version for testing purposes.  I'm rather surprised this was done, it's certainly going to make my next migration a bit more interesting (I've currently got one server with two instances of SSRS in production, and a QA server with four instances...)

  • jasona.work - Monday, June 25, 2018 5:24 AM

    peter.row - Monday, June 25, 2018 1:32 AM

    "...When you enable FIPS and have an SSRS instance (or instances,) …"

    haha, good one, from SSRS 2016 and higher you can't have more than 1 instance because Microsoft decided to screw us over.

    I did not know this, thank you for the heads up.  My work is currently on SQL2014, and my home lab I tend to keep at the same version for testing purposes.  I'm rather surprised this was done, it's certainly going to make my next migration a bit more interesting (I've currently got one server with two instances of SSRS in production, and a QA server with four instances...)

    They also changed the interfaces for custom security, so if you are using anything other than Windows authentication you're going to have to change things there too. Basically HttpContext.Current always returns null in SSRS 2016 and higher, another case of grief caused by MS.

  • I saw you used 3DES in your SSRS config. All encryption algorithms, other than AES_128, AES_192, and AES_256, are deprecated for SQL 2016 and higher. I know you were just giving an example, but others may not be aware.

  • The article was very good and I have a question

    In our environment we want to move away from using 3DES.  Is there a way to call out a different algorithm in the two config files?

    We are using SQL Server 2014 and SQL Reporting Server 2014 on Windows 2012 Server.

    Your help is appreciated.

    One possible solution was to move to SQL Reporting Server 2016, but management did not want to do this.

    Your help is appreciated

    Jeff

  • john.deprato - Monday, June 25, 2018 6:23 AM

    I saw you used 3DES in your SSRS config. All encryption algorithms, other than AES_128, AES_192, and AES_256, are deprecated for SQL 2016 and higher. I know you were just giving an example, but others may not be aware.

    jayoub - Thursday, July 5, 2018 7:23 AM

    The article was very good and I have a question

    In our environment we want to move away from using 3DES.  Is there a way to call out a different algorithm in the two config files?

    We are using SQL Server 2014 and SQL Reporting Server 2014 on Windows 2012 Server.

    Your help is appreciated.

    One possible solution was to move to SQL Reporting Server 2016, but management did not want to do this.

    Your help is appreciated

    Thank you both for the comments.

    As for the use of 3DES, I (to keep it simple) went with what the MS article had in the configuration file.  I've not tried to make the change using a different algorithm, such as one of the AES- types.
