System.Security.Cryptography.CryptographicException: FIPS-certified c_NMB implementation is not available. When FIPS mode is enabled

Subject: System.Security.Cryptography.CryptographicException: FIPS-certified c_NMB implementation is not available. When FIPS mode is enabled
Date: 2018-06-11 19:59:55
From: mccullin
Source: system-security-cryptography-cryptographicexception-fips-certified-c-nmb-implementation-not-available-fips-mode-enabled
----------------------------------------------------------------------

Negotiation Failed
KeyExchange Failed


I am using UltimateSftp.v6.8.4155 and .NET 4.7.1.  If FIPS mode is off, everything works fine, however when we enable FIPS mode on the server we get the following error.

Sftp: 1, Thread Id: 0 [06/11/2018 15:46:50.84] Information - Info: Connecting to rkvwnapptd109.devlab.dev:22 - Sftp v6.8.40.4155 (Production version).
 [06/11/2018 15:46:50.87] Verbose - Ssh: Sending data:
	53 53 48 2D 32 2E 30 2D 43 6F 6D 70 6F 6E 65 6E 74 50 72 6F 53 53 48 5F 36 2E 38 2E 34 30 2E 34 31 35 35 0D
	0A
 [06/11/2018 15:46:50.96] Verbose - Ssh: Received data:
	53 53 48 2D 32 2E 30 2D 4F 70 65 6E 53 53 48 5F 36 2E 38 0D 0A
 [06/11/2018 15:46:50.96] Debug - Ssh: Server is 'SSH-2.0-OpenSSH_6.8'.
 [06/11/2018 15:46:50.97] Information - Ssh: Negotiation started.
 [06/11/2018 15:46:50.98] Verbose - Ssh: Sending packet SSH_MSG_KEXINIT (336 bytes).
	14 E3 5E B3 07 4D 10 AC 43 6B DD 4B 6D B2 28 62 00 00 00 00 24 64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D
	67 72 6F 75 70 2D 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 00 00 00 1E 73 73 68 2D 72 73 61 2D 73 68 61
	32 35 36 40 73 73 68 2E 63 6F 6D 2C 73 73 68 2D 72 73 61 00 00 00 29 61 65 73 32 35 36 2D 63 62 63 2C 61 65
	73 31 39 32 2D 63 62 63 2C 61 65 73 31 32 38 2D 63 62 63 2C 33 64 65 73 2D 63 62 63 00 00 00 29 61 65 73 32
	35 36 2D 63 62 63 2C 61 65 73 31 39 32 2D 63 62 63 2C 61 65 73 31 32 38 2D 63 62 63 2C 33 64 65 73 2D 63 62
	63 00 00 00 25 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61
	63 2D 73 68 61 31 00 00 00 25 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31
	32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 1A 6E 6F 6E 65 2C 7A 6C 69 62 2C 7A 6C 69 62 40 6F 70 65 6E 73 73
	68 2E 63 6F 6D 00 00 00 1A 6E 6F 6E 65 2C 7A 6C 69 62 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00
	00 00 00 00 00 00 00 00 00 00 00 00
 [06/11/2018 15:46:51.00] Verbose - Ssh: Received packet SSH_MSG_KEXINIT (743 bytes).
	14 3B B5 98 BB 32 BF 19 F0 53 71 3C D7 21 8B 1C A3 00 00 00 96 63 75 72 76 65 32 35 35 31 39 2D 73 68 61 32
	35 36 40 6C 69 62 73 73 68 2E 6F 72 67 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 70 32 35 36 2C 65 63 64
	68 2D 73 68 61 32 2D 6E 69 73 74 70 33 38 34 2C 65 63 64 68 2D 73 68 61 32 2D 6E 69 73 74 70 35 32 31 2C 64
	69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 2D 65 78 63 68 61 6E 67 65 2D 73 68 61 32 35 36 2C
	64 69 66 66 69 65 2D 68 65 6C 6C 6D 61 6E 2D 67 72 6F 75 70 31 34 2D 73 68 61 31 00 00 00 2F 73 73 68 2D 72
	73 61 2C 73 73 68 2D 64 73 73 2C 65 63 64 73 61 2D 73 68 61 32 2D 6E 69 73 74 70 32 35 36 2C 73 73 68 2D 65
	64 32 35 35 31 39 00 00 00 08 33 64 65 73 2D 63 62 63 00 00 00 08 33 64 65 73 2D 63 62 63 00 00 00 D5 75 6D
	61 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40 6F
	70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73 68
	2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68
	6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70 65
	6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73
	68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 D5 75
	6D 61 63 2D 36 34 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 2D 65 74 6D 40
	6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 32 35 36 2D 65 74 6D 40 6F 70 65 6E 73 73
	68 2E 63 6F 6D 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C
	68 6D 61 63 2D 73 68 61 31 2D 65 74 6D 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 36 34 40 6F 70
	65 6E 73 73 68 2E 63 6F 6D 2C 75 6D 61 63 2D 31 32 38 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 2C 68 6D 61 63 2D
	73 68 61 32 2D 32 35 36 2C 68 6D 61 63 2D 73 68 61 32 2D 35 31 32 2C 68 6D 61 63 2D 73 68 61 31 00 00 00 15
	6E 6F 6E 65 2C 7A 6C 69 62 40 6F 70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 15 6E 6F 6E 65 2C 7A 6C 69 62 40 6F
	70 65 6E 73 73 68 2E 63 6F 6D 00 00 00 00 00 00 00 00 00 00 00 00 00
Exception thrown: 'System.Security.Cryptography.CryptographicException' in ComponentPro.Network.dll
 [06/11/2018 15:46:51.05] Error - Ssh: Negotiation failed. FIPS-certified c_NMB implementation is not available.
The thread 0x3cd8 has exited with code 0 (0x0).
Exception thrown: 'ComponentPro.Net.SecureShellException' in ComponentPro.Network.dll
Sftp: 1, Thread Id: 0 [06/11/2018 15:46:51.08] Error - Info: ComponentPro.Net.SecureShellException: Negotiation failed. ---> System.Security.Cryptography.CryptographicException: FIPS-certified c_NMB implementation is not available.
   at c_HMB.c_ZMB(c_MMB c_AZA)
   at c_HMB.c_YMB(c_MMB c_AZA, Boolean c_OLB)
   at c_HMB.c_DLB(Boolean c_LLB)
   at c_RWD.c_BXD(c_RWD c_MBE, SecureShellKeyExchangeAlgorithm& c_S4D, SecureShellHostKeyAlgorithm& c_T4D, c_KMB& c_JYB)
   at ComponentPro.Net.SecureShellConnection.c_YUD(Byte[] c_H4D)
   --- End of inner exception stack trace ---
   at ComponentPro.Net.SecureShellConnection.c_YUD(Byte[] c_H4D)
   at ComponentPro.Net.SecureShellConnection.Negotiate()
   at ComponentPro.Net.Sftp.c_K4E(String c_ROA, Int32 c_PKD, SecureShellConfig c_LJB, AsyncOperation c_M)
Exception thrown: 'ComponentPro.Net.SftpException' in ComponentPro.Sftp.dll



I have tried multiple configuration changes based on information found on this site, but nothing seems to be working for me.  Included below is the code as I currently have it implemented.

  SecuritySettings.ForceManagedAes = false;
  SecuritySettings.FipsAlgorithmsOnly = true;

  ComponentPro.Diagnostics.XTrace.Default.Level = ComponentPro.Diagnostics.TraceEventType.Verbose;
  ComponentPro.Diagnostics.XTrace.Default.Listeners.Add(new ComponentPro.Diagnostics.UltimateOutputTraceListener());

  _sftp = new Sftp();
  _sftp.Config.HostKeyAlgorithms = SecureShellHostKeyAlgorithm.RSA;
  _sftp.Config.PreferredHostKeyAlgorithm = SecureShellHostKeyAlgorithm.RSA;
  _sftp.Config.KeyExchangeAlgorithms = SecureShellKeyExchangeAlgorithm.DiffieHellmanGroupExchangeSHA256;

  _sftp.ReconnectionMaxRetries = 2;

  // Connect to the server
  _sftp.Connect(host, port);
  _sftp.Authenticate(userName, password);


It fails on the connect.

----------------------------------------------------------------------

Note: This question has been asked on the Q&A forum of Thang Dang's fraudulent ComponentPro brand
If you purchased anything from ComponentPro, you have been scammed. Contact the payment processor
who sold you the license and ask for your money back.

Back to ComponentPro Q&A Forum Index