Description of problem:

Attempts to register an ordinary (not FIPS-enabled) RHEL7 host fails with SSL handshake failure error.

Given that RHEL 7 is a supported client and the Satellite documentation does not state any incompatibility regarding FIPS mode mismatch between the Satellite Server and a non-FIPS RHEL 7 client for registration, it is generally implied that such a registration would be supported.

For now I'm placing this bug on the Satellite project / Registration. Feel free to move it on RHEL or DOCs or wherever the fix is pushed.

How reproducible:

always

Is this issue a regression from an earlier version:

No, the issue is reproducible with earlier Satellite versions installed on RHEL9 (6.17, 6.16 @R9) too.
It is NOT reproducible on RHEL8-based installations  (6.16 @R8, 6.15).

Steps to Reproduce:

1. Spin up a FIPS-enabled Satellite.
2. Create an Activation key (Library/Default org view).
3. Try to register a RHEL7 host via Global registration.

Actual behavior:

[root@rhel7 ~]# set -o pipefail && curl --silent --show-error  --insecure 'https://satellite.redhat.com/register?activation_keys=AK-1&download_utility=curl&force=true&ignore_subman_errors=true&location_id=2&organization_id=1&update_packages=false' --header 'Authorization: Bearer very_long_token' | bash
#
# Running registration
#
This system is currently not registered.
All local data removed
subscription-manager is already installed!
Unable to verify server's identity: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:618)
This system is not yet registered. Try 'subscription-manager register --help' for more information.
ERROR: not_found
Host was not found by the subscription UUID: '', this can happen if the host is registered already, but not to this instance

Expected behavior:
Either successful registration or documentation update stating this scenario is not supported.

Additional info:

Hit by several tests, for example test.foreman.api.test_errata.test_positive_install_multiple_in_host in FIPS pipeline.