I run several tools to help secure my computer systems - and frequently run updates for the latest releases for my firewall, antivirus, and operating system patches. But recently I wanted to step up my security game a bit - and began implementing a number of additional security measures.
There are several good sources on the web for additional tips and tricks to enhance the security of your computer - and as I worked through various recommendations, I decided to turn-on the Windows XP FIPS cryptographic option for critical information stored in certain file folders that I selected for encryption.
Since I had downloaded the latest updates for my internet security software and Microsoft Windows XP, there were a significant number of variables in flight. When the HTTPS connection to a number of critical financial web sites stopped working, I began the laborous process of root-cause analysis (while other HTTPS connections did appear to continue working).
I had created a Restore Point before beginning this adventure, but I always prefer to learn from problems - not just "get it to work".
After a few hours of investtigation, and acquiring some new computer forensic skills, I found out that the Microsoft FIPS cryptographic option is not compatible with SSL.
Saturday, November 17, 2007
FIPS and SSL - Bad Mojo
Posted by Kelvin Meeks