Bug
Resolution: Done
Major
The current list of FIPS non-compliant components in RHEL-10 is incorrect:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/pdf/security_hardening/Red_Hat_Enterprise_Linux-10-Security_hardening-en-US.pdf
or
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html-single/security_hardening/index#list-of-rhel-applications-using-cryptography-that-is-not-compliant-with-fips-140-3
It lists PKCS#12 as non-compliant; that is no longer the case: https://www.redhat.com/en/blog/fips-140-3-changes-pkcs-12
It also omits GnuPG and libgcrypt: those will not be FIPS certified, and we don't test them to use FIPS-compliant crypto.
It also omits sequoia, which for now is not FIPS compliant (it doesn't work in FIPS mode at all because it uses the wrong APIs), but we plan to make it FIPS compliant in RHEL-10.2.