From 3b34e203dceb5a9a84bd811d0837c165078ad17f Mon Sep 17 00:00:00 2001
From: Tingluo Huang <tingluohuang@github.com>
Date: Tue, 12 Jan 2021 08:05:01 -0800
Subject: [PATCH] always use Fips Cryptography (#896)

---
 src/Runner.Listener/Configuration/ConfigurationManager.cs | 1 -
 src/Runner.Listener/Configuration/OAuthCredential.cs      | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/Runner.Listener/Configuration/ConfigurationManager.cs b/src/Runner.Listener/Configuration/ConfigurationManager.cs
index 84996547f..4831f2874 100644
--- a/src/Runner.Listener/Configuration/ConfigurationManager.cs
+++ b/src/Runner.Listener/Configuration/ConfigurationManager.cs
@@ -263,7 +263,6 @@ namespace GitHub.Runner.Listener.Configuration
                     {
                         { "clientId", agent.Authorization.ClientId.ToString("D") },
                         { "authorizationUrl", agent.Authorization.AuthorizationUrl.AbsoluteUri },
-                        { "requireFipsCryptography", agent.Properties.GetValue("RequireFipsCryptography", false).ToString() }
                     },
                 };
 
diff --git a/src/Runner.Listener/Configuration/OAuthCredential.cs b/src/Runner.Listener/Configuration/OAuthCredential.cs
index a0d2042b9..9e9cda07b 100644
--- a/src/Runner.Listener/Configuration/OAuthCredential.cs
+++ b/src/Runner.Listener/Configuration/OAuthCredential.cs
@@ -36,7 +36,7 @@ namespace GitHub.Runner.Listener.Configuration
             // We expect the key to be in the machine store at this point. Configuration should have set all of
             // this up correctly so we can use the key to generate access tokens.
             var keyManager = context.GetService<IRSAKeyManager>();
-            var signingCredentials = VssSigningCredentials.Create(() => keyManager.GetKey(), StringUtil.ConvertToBoolean(CredentialData.Data.GetValueOrDefault("requireFipsCryptography"), false));
+            var signingCredentials = VssSigningCredentials.Create(() => keyManager.GetKey(), requireFipsCryptography: true);
             var clientCredential = new VssOAuthJwtBearerClientCredential(clientId, authorizationUrl, signingCredentials);
             var agentCredential = new VssOAuthCredential(new Uri(oauthEndpointUrl, UriKind.Absolute), VssOAuthGrant.ClientCredentials, clientCredential);