TLS extension "Extended Master Secret" enforced on RHEL 9.2 and later

Issue

Starting with Red Hat Enterprise Linux 9.2 (RHEL 9.2), according to upcoming FIPS-140-3 requirements, we make the Extended Master Secret (EMS - RFC 7627) extension mandatory for TLS 1.2 connections on FIPS-enabled systems. TLS 1.3 is not affected. This is a potentially breaking change because legacy clients that do not support EMS or TLS 1.3 cannot connect to FIPS servers based on RHEL 9.2 and vice-versa: RHEL 9.2 clients in FIPS mode cannot connect to servers that support TLS 1.2 as the highest protocol version and do not support EMS.

In practice, it means that since RHEL 9.2 it is impossible in FIPS mode to establish TLS connections with servers using RHEL 6, RHEL 7, and other non-RHEL legacy systems as the TLS implementation on those systems neither support EMS nor TLS 1.3.

There is also a potential interoperability issue with TLS servers written in Go and compiled with Go 1.18 or earlier versions, which support neither EMS nor TLS 1.3 in FIPS mode.