sslv3 alert handshake failure with FIPS:OSPP Hardened RHEL 9.3

Solution Verified - Updated -

Issue

  • RHEL 9.3 systems with crypto-policies-20230731-1.git94f0e2c.el9_3.1.noarch and have FIPS:OSPP hardening enabled are seeing the following behavior when attempting to run dnf repolist or dnf update:
[root@rhel-9.3 ~]# fips-mode-setup --check; update-crypto-policies --show
FIPS mode is enabled.
FIPS:OSPP
[root@rhel9.3 ~]# dnf clean all; dnf repolist -v
Updating Subscription Management repositories.
17 files removed
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, system-upgrade, uploadprofile
Updating Subscription Management repositories.
DNF version: 4.14.0
cachedir: /var/cache/dnf
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)                                                              0.0  B/s |   0  B     00:00    
Errors during downloading metadata for repository 'rhel-9-for-x86_64-baseos-rpms':
  - Curl error (35): SSL connect error for https://cdn.redhat.com/content/dist/rhel9/9/x86_64/baseos/os/repodata/repomd.xml [error:0A000410:SSL routines::sslv3 alert handshake failure]
Error: Failed to download metadata for repo 'rhel-9-for-x86_64-baseos-rpms': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Environment

RHEL 9.3
FIPS:OSPP Crypto Policy

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content