Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-19211

FIPS-enabled RHEL9 clients are unable to communicate with Satellite 6.11 on RHEL 7

XMLWordPrintable

    • None
    • None
    • None
    • None

      Description of problem:

      FIPS-enabled RHEL9 clients are unable to communicate with Satellite 6.11

      Version-Release number of selected component (if applicable):
      Satellite server (RHEL7/6.11.5.4)
      Satellite server (RHEL7satellite-6.10)

      How reproducible:
      Apply RHSA-2023:3722 on RHEL 9

      Steps to Reproduce:
      1. Enabled fips
      2. yum updateinfo --installed RHSA-2023:3722
      3. subscription-manager refresh ; yum repolist

      Actual results:

      1. update-crypto-policies --show
        FIPS
      1. cat /proc/sys/crypto/fips_enabled
        1
      1. fips-mode-setup --check
        FIPS mode is enabled.
      1. yum updateinfo --info RHSA-2023:3722
      1. subscription-manager refresh ; yum repolist

      Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 0.0 B/s | 0 B 00:00
      Errors during downloading metadata for repository 'rhel-9-for-x86_64-baseos-rpms':

      Expected results:

      Do we have any workaround or upgrade underlying OS RHEL 7 to RHEL 8 will be the only option?

      Additional info:

      1. yum list installed |grep -i openssl
        openssl.x86_64 1:3.0.7-16.el9_2 @rhel-9-for-x86_64-baseos-rpms
        openssl-libs.x86_64 1:3.0.7-16.el9_2 @rhel-9-for-x86_64-baseos-rpms

      The Extended Master Secret TLS Extension is now enforced on FIPS-enabled systems

      With the release of the RHSA-2023:3722 advisory, the TLS Extended Master Secret (EMS) extension (RFC 7627) is mandatory for TLS 1.2 connections on FIPS-enabled RHEL 9 systems. This is in accordance with FIPS-140-3 requirements. TLS 1.3 is not affected.

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-gpayelka Ganesh Payelkar
              RH Bugzilla Integration RH Bugzilla Integration
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: