TLS extension "Extended Master Secret" enforced on RHEL 9.2 and later

Solution Verified - Updated -


Starting with Red Hat Enterprise Linux 9.2 (RHEL 9.2), according to upcoming FIPS-140-3 requirements, we make the Extended Master Secret (EMS - RFC 7627) extension mandatory for TLS 1.2 connections on FIPS-enabled systems. TLS 1.3 is not affected. This is a potentially breaking change because legacy clients that do not support EMS or TLS 1.3 cannot connect to FIPS servers based on RHEL 9.2 and vice-versa: RHEL 9.2 clients in FIPS mode cannot connect to servers that support TLS 1.2 as the highest protocol version and do not support EMS.

In practice, it means that since RHEL 9.2 it is impossible in FIPS mode to establish TLS connections with servers using RHEL 6, RHEL 7, and other non-RHEL legacy systems as the TLS implementation on those systems neither support EMS nor TLS 1.3.

There is also a potential interoperability issue with TLS servers written in Go and compiled with Go 1.18 or earlier versions, which support neither EMS nor TLS 1.3 in FIPS mode.


  • Red Hat Enterprise Linux 9.2 and later

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content