Goferd with crypto-policy stricter than DEFAULT fails with SSL Failure: SSL routines:tls_process_ske_dhe:bad dh value

Solution Verified - Updated 2024-06-13T22:54:51+00:00 -

Issue

Goferd connection to the satellite on port 5647 failed on
```
SSL routines:tls_process_ske_dhe:bad dh value
```

Goferd fails to connect when FIPS enabled on RHEL 8

SSL routines:tls_process_ske_dhe:dh key too small

Goferd fails to update packages on RHEL8 clients when FIPS is enabled.

Environment

Red Hat Satellite 6.x
At least one Red Hat Enterprise 8 client with FUTURE crypto policies

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2026 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)