Oracle Linux: DNF Update on System Using Non-Default Security Policy/Module Fails With: [error:0A000410:SSL routines::ssl/tls alert handshake failure] (Doc ID 3067718.1)

Last updated on MARCH 04, 2025

Applies to:

Linux OS - Version Oracle Linux 9.0 and later
Linux x86-64

Symptoms

The security (cryptographic policy) of an Oracle Linux 9 (OL9) system was recently enhanced. Since the change, attempts to update the system from the Oracle YUM Server https://yum.oracle.com using dnf(8 fails as follows:

Changes

Possibly a fresh installation of Oracle Linux 9.5+ with NIST 800-171 profile.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Workaround 1: Disable SSL verification to Oracle YUM Server

Workaround 2: Reduce SSL CA certification key size requirement within existing security policy/module or custom policy

Workaround 3: Utilize ULN instead of Oracle YUM Server

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Oracle Linux: DNF Update on System Using Non-Default Security Policy/Module Fails With: [error:0A000410:SSL routines::ssl/tls alert handshake failure] (Doc ID 3067718.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!