GlobalFipsMode Property
Gets or sets if MailBee must disable security algorithms which are not FIPS-compliant.

Namespace: MailBee
Assembly: MailBee.NET (in MailBee.NET.dll) Version: 12.3.1 build 666 for .NET 4.5
public static bool FipsMode { get; set; }

Property Value

Type: Boolean
If true, MD5 dependent authentication methods will be disabled. If false, all authentication methods will be enabled.

This property should only be set if the target machines where MailBee is being used must conform to a FIPS 140-2 standard. Such machines have HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled set to 1.

By default, MailBee does not use weak algorithms like MD5 and RC4 (even if FipsMode is false) and uses stronger methods like SHA1 instead (this concerns S/MIME, SSL, digests of Message-ID hashes, etc). However, there are things which can only be implemented via MD5. They include Apop, SaslCramMD5, SaslDigestMD5 authentication methods. When FipsMode is enabled, MailBee will never use these methods even if they are supported by the mail server.

FipsMode also affects how SHA1 and SHA256 algorithms are used with DomainKeys. In FIPS mode, MailBee will pick FIPS-compliant implementations of these algorithms instead of their managed code counterparts (managed code versions are faster but not FIPS-compliant). If FipsMode is NOT enabled and the current system is FIPS-compliant, MailBee will try a non-FIPS method first. It will fail with an exception, MailBee will catch that exception and fall back to a FIPS method. Enabling FipsMode avoids penalty of trying the method which will fail anyway.

SSL and S/MIME functions of MailBee are by default immune to FIPS restrictions and use FIPS-compliant methods.

Note Note
If the current system if FIPS-enabled and you didn't set FipsMode to true, you may get InvalidOperationException exceptions and related errors (mostly, with MD5-based authentication mechanisms). This is because .NET Framework will block MailBee's attempts to create instances of FIPS-noncompliant classes.
See Also