`error:0A00018F:SSL routines::ee key too small` in tests using modern openssl

[LiviaMedeiros]

Bug Description

test/http2.js, test/h2c-client.js, and test/connect-pre-shared-session.js are failing with the error:0A00018F:SSL routines::ee key too small error on modern systems.

Reproducible By

$ openssl --version
OpenSSL 3.4.1 11 Feb 2025 (Library: OpenSSL 3.4.1 11 Feb 2025)
$ npm i && npm run test

Expected Behavior

Tests not failing and being future-proof.

Logs & Screenshots

Example of error:

test at test/http2.js:1345:1
✖ #2364 - Concurrent aborts (2nd variant) (1.548565ms)
  Error: error:0A00018F:SSL routines::ee key too small
      at node:internal/tls/secure-context:70:13
      at Array.forEach (<anonymous>)
      at setCerts (node:internal/tls/secure-context:68:3)
      at configSecureContext (node:internal/tls/secure-context:191:5)
      at Object.createSecureContext (node:_tls_common:113:3)
      at Server.setSecureContext (node:_tls_wrap:1490:27)
      at new Server (node:_tls_wrap:1354:8)
      at new Http2SecureServer (node:internal/http2/core:3174:5)
      at createSecureServer (node:internal/http2/core:3385:10)
      at TestContext.<anonymous> (/home/livia/zram2/undici/test/http2.js:1346:18) {
    library: 'SSL routines',
    reason: 'ee key too small',
    code: 'ERR_SSL_EE_KEY_TOO_SMALL'
  }

Environment

dev-libs/openssl-3.4.1 built without weak-ssl-ciphers USE flag (it's disabled by default).

Additional context

The culprits are likely to be http-pem and selfsigned packages. The former unconditionally calls selfsigned.generate() without any parameters and the latter has key of size 1024 by default.

[metcoder95]

This started hitting tests recently; opened and issue time ago to make it customizable (see watson/https-pem#9), but I believe I'll make a fork out of it to fix it.

Will try to have a look later this week

[himself65]

I can see it on my PR #4357