Host ID#8246
Merged
Merged
Conversation
danielmarbach
requested review from
DavidBoike,
andreasohlund,
Copilot and
mattmercurio
Contributor
There was a problem hiding this comment.
Pull request overview
Documents NServiceBus host identifier generation changes related to FIPS environments and prepares users for the planned default switch to XxHash128 in the v11 upgrade guide.
Changes:
- Reworks the FIPS compliance page to use version-gated partials for host ID generation guidance.
- Updates the deterministic GUID workaround snippet from SHA1 to SHA256.
- Adds a v10→v11 upgrade guide section describing the upcoming host identifier algorithm change and the legacy opt-out.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| Snippets/Core/Core_All/Sha256DeterministicHash.cs | Updates the deterministic GUID snippet to use SHA256 and aligns region/class naming with the snippet reference. |
| nservicebus/upgrades/10to11/index.md | Adds guidance about the v11 default host identifier algorithm change and how to preserve legacy IDs. |
| nservicebus/compliance/fips.md | Splits host ID generation guidance into a versioned partial for clearer, version-specific instructions. |
| nservicebus/compliance/fips_host-id-generation_core_[10,).partial.md | Documents the v10.2+ XxHash128 opt-in switch and legacy override context for FIPS scenarios. |
| nservicebus/compliance/fips_host-id-generation_core_[,10).partial.md | Documents the pre-10 workaround using SHA256-based host ID overrides and clarifies the rationale. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
andreasohlund
approved these changes
May 11, 2026
DavidBoike
reviewed
May 11, 2026
| > FIPS policy enforcement does only exist on .NET Framework. | ||
| > FIPS policy enforcement only exists on .NET Framework. | ||
| The Particular Software Platform is not FIPS compatible, and no testing is done to ensure components will work properly on FIPS-enabled hardware. The platform currently uses `System.Security.Cryptography` classes only for hashing, and not for data security purposes. |
Member
There was a problem hiding this comment.
Do we need an "except where specifically stated" here, given we have a MessagePropertyEncryption component?
|
|
||
| > [!NOTE] | ||
| > FIPS policy enforcement does only exist on .NET Framework. | ||
| > FIPS policy enforcement only exists on .NET Framework. |
Member
There was a problem hiding this comment.
We have seen people running on base containers where SHA1 is missing though. Do we need to mention that?
| <PackageReference Include="NUnit3TestAdapter" Version="5.*" /> | ||
| <PackageReference Include="OpenTelemetry" Version="1.*" /> | ||
| <PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.*" /> | ||
| <PackageReference Include="System.IO.Hashing" Version="10.*" /> |
Member
There was a problem hiding this comment.
The updated alpha will bring this in though, right?
Co-authored-by: David Boike <david.boike@gmail.com>
DavidBoike
added a commit
that referenced
this pull request
May 20, 2026
* Host id override * Improve the guidance because SHA1 was only FIPS compliance on .NET Framework * Apply suggestions from code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Make the message consistent in regards to non-crypto hashing * Less absolute * Apply suggestions from code review Co-authored-by: David Boike <david.boike@gmail.com> --------- Co-authored-by: Daniel Marbach <danielmarbach@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: David Boike <david.boike@gmail.com>
DavidBoike
added a commit
that referenced
this pull request
May 21, 2026
* Core8 transitive reference fix * Core 10.2 alpha 5 * Restore modern logging info * Swap out a bunch of IEndpointInstance for IMessageSession (or burn IEndpointIntance) * A bunch of weird Writer tests (disabled TreatWarningsAsErrors locally to run tests) * Suppress obsoletes for selfhosting snippets still supported in v10 * Suppress obsoletes for snippets that should still exist in v10 * One more suppression * Fix general installer snippet * Guide towards the new installer API * Suppress log obsoletes * Slight change to installer snippet * Convention-based handlers (#8224) * Convention-based handlers * Apply suggestions from code review Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> Co-authored-by: Andreas Öhlund <andreas.ohlund@particular.net> * Make a TLDR snippet * Whoopsie --------- Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> Co-authored-by: Andreas Öhlund <andreas.ohlund@particular.net> * Handler saga registration (#8214) * Registration page first version while keeping some redundancy * Fix missing index problem * Better page split and wording tweaks * Refactor handler registration example in documentation Updated the registration code example to reflect new API usage. * Small tweaks * Fix version boundary to use integer majors * Apply suggestions from code review Co-authored-by: Andreas Öhlund <andreas.ohlund@particular.net> * Switch order * Better documentation around the conventions * Explain better the conventions --------- Co-authored-by: Daniel Marbach <danielmarbach@users.noreply.github.com> Co-authored-by: Andreas Öhlund <andreas.ohlund@particular.net> * Address deprecated Endpoint APIs in samples (#8236) * 2 projects needed a Core reference * Change affected samples to Core 10 alphas * Easy NSB.Extensions.Hosting removals * Rest of NSB.Extensions.Hosting * Delete "Passing user identity between endpoints using a custom header" sample that uses mutators * Remove "Startup and Shutdown Sequence" sample * Fix deprecated APIs in 4 samples * Updated more samples * Bunch more samples * Fix bad cancellation token usage * Couple more * Need to review this Kafka-Functions sample separately * Kinda big SqlP sample * Bunch more * Version-scope the externally managed mode sample and add a warning * Remaining samples * Fix links and related * Another fix * Core-hosting with AddNServiceBusEndpoint (#8206) * Add AddNServiceBusEndpoint hosting page * Core hosting guidance * Core hosting guidance * Modern hosting language changes * Core-hosting and snippets * 'Recommended' hosting wording * Update nservicebus/hosting/core-hosting.md Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> * Apply suggestions from code review Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> * Update nservicebus/hosting/core-hosting.md Co-authored-by: David Boike <david.boike@gmail.com> * Per-tenant hosting scenario * Reframe core-hosting opening and rewrite endpoint name / DI identifier section as comparison table * Clarify IMessageSession resolution and add explicit DI examples * revert critical-errors.md changes * Drop upgrade-guide content from core-hosting.md * Use partials for hosting/index.md generic-host section * Rename hosting title to Microsoft.Extensions.Hosting instead of 'recommended' * Tighten multi-endpoint section * Clarify DI identifier and rework per-tenant example * Use partials for web-application hosting * Took out note on NServiceBus.Extensions.Hosting * Apply suggestions from code review Co-authored-by: David Boike <david.boike@gmail.com> * Rename MyService to MyGlobalService * Note that NServiceBus.Extensions.Hosting is deprecated in 10.2 * Use endpoint identifier terminology instead of "DI indentifier" * Scope per-tenant identifier with endpoint name to avoid collision * Show host construction inline for IMessageSession resolution * Version-gate self-hosting on hosting/index * Applying PR suggestions with minor edits * Apply suggestions from code review Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> * Fix Core snippets for extension method alignment * Apply suggestions from code review Co-authored-by: David Boike <david.boike@gmail.com> --------- Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> Co-authored-by: David Boike <david.boike@gmail.com> * Add links to Externally Managed Mode sample * Update hosting index page (#8243) * The self-hosting section stops with v9 * Fix header hierarchy and fix resulting links * No point defining a term we say nothing useful about * Don't need a whole H2 section for a footnote * This just doesn't make sense to have anymore (and people using Endpoint.Start() will figure that out) * WriteDiagnosticsToLog * Host ID (#8246) * Host id override * Improve the guidance because SHA1 was only FIPS compliance on .NET Framework * Apply suggestions from code review Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Make the message consistent in regards to non-crypto hashing * Less absolute * Apply suggestions from code review Co-authored-by: David Boike <david.boike@gmail.com> --------- Co-authored-by: Daniel Marbach <danielmarbach@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: David Boike <david.boike@gmail.com> * Add EndpointLoggingScope documentation for NServiceBus 10.2 (#8261) - Add 'Enriching logs outside the message pipeline' section to logging docs - Add MyBackgroundService snippet demonstrating BeginEndpointScope usage - Update NServiceBus to 10.2.0-alpha.12 for EndpointLoggingScope type - Refactor Recoverability/Pipeline.cs to use context.MessageId/context.Body instead of obsolete context.FailedMessage Co-authored-by: Daniel Marbach <danielmarbach@users.noreply.github.com> * Update stable * Fix links (fingers crossed) --------- Co-authored-by: Andreas Öhlund <andreas.ohlund@particular.net> Co-authored-by: Daniel Marbach <daniel.marbach@openplace.net> Co-authored-by: Daniel Marbach <danielmarbach@users.noreply.github.com> Co-authored-by: Matt Mercurio <mattmercurio@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Document the new host identifier algorithm and update the FIPS workaround to use a non-cryptographic hash.
NServiceBus.Core.Hosting.UseV2DeterministicGuidAppContext switch introduced in #7723 that opts into XxHash128-based host identifiers, replacing the legacy MD5 approach. Replace the SHA256 workaround with an XxHash128-based approach usingSystem.IO.Hashing, which targets .NET Standard 2.0 and .NET Framework 4.6.2, making it available on all supported platforms. The snippet produces the same GUID as NServiceBus's internalDeterministicGuid.Create(verified by comparison test).Changes
FIPS compliance
## NServiceBussection innservicebus/compliance/fips.mdinto version-gated partials:fips_host-id-generation_core_[,10).partial.md— Documents the legacy MD5 issue and provides an XxHash128-based workaround usingSystem.IO.Hashingfips_host-id-generation_core_[10,).partial.md— Documents the XxHash128 algorithm, the AppContext switch opt-in (code, environment variable, MSBuild), migration warning, and the legacy XxHash128 override approachXxHash128DeterministicGuidthat uses XxHash128 fromSystem.IO.Hashing. SHA256 was replaced because:System.IO.Hashingtargets .NET Standard 2.0 and .NET Framework 4.6.2, so the snippet works on all supported platforms.DeterministicGuid.Createto produce identical GUIDs.[10,)partial: scope it specifically to host identifier generation rather than implying general FIPS compliance.Sha256DeterministicHash.cssnippet.System.IO.Hashingpackage reference toCore_Allsnippet project.