RHEL 9.3 with FIPS breaks dnf/yum

I've just built a RHEL 9.3 server using the NIST security policy. The install went just fine. Subscription manager registered just fine. I attached a subscription to the machine and then ran dnf update. Failed with this message:
error: Curl error (35): SSL connect error for https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/repodata/repomd.xml [error:0A000410:SSL routines::sslv3 alert handshake failure] (https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/repodata/repomd.xml).

Wow, I wouldn't think that the cdn.redhat.com was using sslv3, but that is the error message. If I set the update-crypto-policies from FIPS:OSPP to DEFAULT, with no reboot, dnf works just fine and I can update. When I restore the policy to FIPS or to FIPS:OSPP, curl fails. I didn't capture it, but the failed message was different for plain FIPS versus FIPS:OSPP.

I don't consider this a feature.
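
An added example, not part of the original post or of any Red Hat tooling: a shell function that decodes the OpenSSL 3 error code inside the curl message quoted above. In OpenSSL's SSL library, reason codes 1000 to 1255 mean "TLS alert received from the peer" (1000 plus the alert number), so `0A000410` is alert 40, `handshake_failure`, sent by the server; the "sslv3" in the text is OpenSSL's legacy name for that alert. The function names and the short alert table are this example's own, and the sample line is constructed from the error in the post.

```bash
#!/usr/bin/env bash
# Added example: decode the OpenSSL 3 error code in a dnf/curl error line.

# Constructed sample input, taken from the error quoted in the post.
SAMPLE='error: Curl error (35): SSL connect error for https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/repodata/repomd.xml [error:0A000410:SSL routines::sslv3 alert handshake failure]'

# Names for a few TLS alert numbers (RFC 8446, section 6) that show up when
# client and server cannot agree on handshake parameters.
alert_name() {
    case "$1" in
        40) echo handshake_failure ;;
        47) echo illegal_parameter ;;
        70) echo protocol_version ;;
        71) echo insufficient_security ;;
        80) echo internal_error ;;
        *)  echo "alert_$1" ;;
    esac
}

# decode_openssl_error LINE
# Prints "lib=<n> reason=<n> peer_alert=<name>" or "... local_error".
decode_openssl_error() {
    # Pull the 8 hex digits out of "error:XXXXXXXX:".
    doe_hex=$(printf '%s\n' "$1" |
        sed -n 's/.*error:\([0-9A-Fa-f]\{8\}\):.*/\1/p')
    [ -n "$doe_hex" ] || { echo "no OpenSSL error code found"; return 1; }
    doe_code=$((0x$doe_hex))
    doe_lib=$(( (doe_code >> 23) & 0xFF ))   # library id: bits 23-30
    doe_reason=$(( doe_code & 0x7FFFFF ))    # reason: low 23 bits
    # Library 20 is ERR_LIB_SSL; reasons 1000-1255 are alerts from the peer.
    if [ "$doe_lib" -eq 20 ] && [ "$doe_reason" -ge 1000 ] &&
       [ "$doe_reason" -le 1255 ]; then
        echo "lib=$doe_lib reason=$doe_reason peer_alert=$(alert_name $((doe_reason - 1000)))"
    else
        echo "lib=$doe_lib reason=$doe_reason local_error"
    fi
}

decode_openssl_error "$SAMPLE"
```

A peer alert means the server rejected what the client offered, so the next thing to compare is what the active policy (`update-crypto-policies --show`) permits the client to offer under each setting.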

Responses