On Mon, Sep 26, 2022 at 09:52:29AM -0400, Felipe Gasper wrote: > OpenSSL 1.1.0k introduced behaviour that rejects 1,024-bit RSA key sizes. No such change was made. Perhaps your OS distribution has bumped the default (TLS) security level from 1 (80-bit or more) to 2 (~112 bit or more). You can look in the system-wide openssl.cnf file. > Is the new minimum key size queryable? It appears to be 2,048, but in > the event that that changes again I’d ideally love just to grab that > value from OpenSSL itself rather than hard-coding it. The security levels are documented. You can set the security level in the cipher string: DEFAULT:@SECLEVEL=1 or via the API. -- VIktor.