In FIPS enabled RHEL 10, the TLSv1.2 requires extended master secret extension (EMS). Even with Java 21, this extension is not being sent back to the client (Firefox in my test). It ends up with SSL_ERROR_MISSING_EXTENDED_MASTER_SECRET.

TLSv1.3 works without issues, since EMS is not required for it IIUC.