.

categories.txt

@@ -27,7 +27,8 @@ getTLSPeerFinishedMessage not working right? and same for getFinished
 - client.on("session") never called?: test-tls-secure-session.js
 - SNICallback not supported: test-tls-starttls-server.js
 - overwrites duplex and emits custom connection event? test-tls-handshake-exception.js
-no cipher match: test-tls-connect-stream-writes.js
+- no cipher match: test-tls-connect-stream-writes.js
+- errors with 'no cipher match' rather than 'key too small'. '@SECLEVEL=0' does not work: test-tls-reduced-SECLEVEL-in-cipher.js
 
 createSecurePair not implemented:
 These tests are removed in new node versions: (createSecurePair is deprecated)

test/js/node/test/parallel/test-tls-reduced-SECLEVEL-in-cipher.js

@@ -0,0 +1,26 @@
+'use strict';
+const common = require('../common');
+
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+
+{
+  const options = {
+    key: fixtures.readKey('agent11-key.pem'),
+    cert: fixtures.readKey('agent11-cert.pem'),
+    ciphers: 'DEFAULT'
+  };
+
+  // Should throw error as key is too small because openssl v3 doesn't allow it
+  assert.throws(() => tls.createServer(options, common.mustNotCall()),
+                /key too small/i);
+
+  // Reducing SECLEVEL to 0 in ciphers retains compatibility with previous versions of OpenSSL like using a small key.
+  // As ciphers are getting set before the cert and key get loaded.
+  options.ciphers = 'DEFAULT:@SECLEVEL=0';
+  assert.ok(tls.createServer(options, common.mustNotCall()));
+}