Diffie-Hellman routines::modulus too small


Consider the following code:

```js
const crypto = require("crypto");

// Hash a string; defaults to an MD5 hex digest.
function checksum(str, algorithm, encoding) {
    return crypto
        .createHash(algorithm || 'md5')
        .update(str, 'utf8')
        .digest(encoding || 'hex');
}
```

I have then created a simple function:

```js
function executeCPUWorkload(workloadSize) {
    console.log("Workload size: " + workloadSize);
    for (let $i = 0; $i < workloadSize; $i++) {
        const prime_length = 100;
        console.log("Before calling createDiffieHellman with prime_length= " + prime_length);
        const diffHell = crypto.createDiffieHellman(prime_length);
        console.log("Before calling generateKeys - diffHell= " + diffHell);
        const key = diffHell.generateKeys('base64');
        console.log("Before calling checksum - key= " + key);
        const chksum = checksum(key);
        console.log("After calling checksum - checksum= " + chksum);
    }

    return true;
}
```

I then try to call this like `console.log(executeCPUWorkload(1));` in 2 different settings:

  1. On my local MacBook M1 Pro machine (with node version 16.15.1)
  2. In the cloud, on a GCP based Kubernetes cluster, on top of an e2-standard-2 machine (with node version v18.14.2)

In the first one, everything works as expected:

```
Workload size: 1
Before calling createDiffieHellman with prime_length= 100
Before calling generateKeys - diffHell= [object Object]
Before calling checksum - key= CoWyfgoPj76HC/9hQA==
After calling checksum - checksum= 9244c71b78d3b8b61a36adb9b8e1b190
true
```

In the cloud, I'm getting the following output:

```
Workload size: 1
Before calling createDiffieHellman with prime_length= 100
```

The connection then gets closed, and in the response I received this error:

```
Error: error:0280007E:Diffie-Hellman routines::modulus too small
```

I'm not sure why, but after increasing the prime_length to 1024, everything starts working in the cloud too.


There are 1 best solutions below

Michel Gokan Khan On

I downgraded the node version on the cloud to the same 16.15.1 version as on my MacBook Pro, and it solved the issue.

My gut feeling is that prime_length is now considered too small and therefore susceptible to attacks. However, I do not have any valid references to support this theory. If anyone knows the exact reason, please comment with a reference.
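
An added example, not part of the original question or answer: Node 18 is built against OpenSSL 3 while Node 16 uses OpenSSL 1.1.1, so the same `prime_length` can be accepted on one runtime and rejected on the other. The sketch below checks the size before calling OpenSSL and uses Node's built-in RFC 3526 groups; `MIN_PRIME_BITS`, `createSafeDH`, `exchange` and `tryWorkload` are hypothetical names, and the 2048-bit floor is an assumed policy value.

```javascript
const crypto = require("crypto");

// Assumed policy floor for this example; not a value taken from the post.
const MIN_PRIME_BITS = 2048;
// Named RFC 3526 MODP groups built into Node, keyed by modulus size in bits.
const STANDARD_GROUPS = { 2048: "modp14", 3072: "modp15", 4096: "modp16" };

// Hypothetical helper: validate the requested size before touching OpenSSL,
// so a bad value fails the same way on every Node/OpenSSL combination.
function createSafeDH(primeBits) {
  if (!Number.isInteger(primeBits) || primeBits < MIN_PRIME_BITS) {
    throw new RangeError(
      `DH prime length ${primeBits} is below the ${MIN_PRIME_BITS}-bit floor ` +
      `(runtime OpenSSL ${process.versions.openssl})`
    );
  }
  const group = STANDARD_GROUPS[primeBits];
  // A fixed group avoids generating a fresh prime on every call.
  return group ? crypto.getDiffieHellman(group)
               : crypto.createDiffieHellman(primeBits);
}

// Full exchange between two parties; returns what each side derived.
function exchange(primeBits) {
  const alice = createSafeDH(primeBits);
  // Bob reuses Alice's parameters instead of generating his own.
  const bob = crypto.createDiffieHellman(alice.getPrime(), alice.getGenerator());
  const alicePub = alice.generateKeys();
  const bobPub = bob.generateKeys();
  return {
    modulusBits: alice.getPrime().length * 8,
    aliceSecret: alice.computeSecret(bobPub).toString("hex"),
    bobSecret: bob.computeSecret(alicePub).toString("hex"),
  };
}

// Mirrors the question's call pattern, but reports the failure instead of
// letting the exception close the connection.
function tryWorkload(primeBits) {
  try {
    const r = exchange(primeBits);
    return { ok: r.aliceSecret === r.bobSecret, modulusBits: r.modulusBits };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

console.log(tryWorkload(100));
console.log(tryWorkload(2048));
```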