Goferd with crypto-policy stricter than DEFAULT fails with SSL Failure: SSL routines:tls_process_ske_dhe:bad dh value

Solution Verified - Updated -


  • Goferd connection to the satellite on port 5647 failed on

    SSL routines:tls_process_ske_dhe:bad dh value
  • Goferd fails to connect when FIPS enabled on RHEL 8

    SSL routines:tls_process_ske_dhe:dh key too small
  • Goferd fails to update packages on RHEL8 clients when FIPS is enabled.


  • Red Hat Satellite 6.x
  • At least one Red Hat Enterprise 8 client with FUTURE crypto policies

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In