node.js openssl error: dh key too small

Posted 2019-05-08 03:21

Question:

I'm running into an issue trying to make a soap request using node-soap. The error is only on ubuntu, I've tested on windows too - the code (obviously excluding curl) is working there.

The error I get is:

Unhandled rejection Error: write EPROTO 140332284700480:error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small:../deps/openssl/openssl/ssl/s3_clnt.c:3615:

I've also tried using request/request which also fails. When using plain curl I get a response from the server I'm trying to connect to.

Here's the code I'm using:

const { exec } = require('child_process');
const Promise = require('bluebird');
const request = Promise.promisifyAll(require('request')); // gives request.postAsync
const soap = require('soap');                               // node-soap

const log = console.log;
const url = process.env.SOAP_URL; // the HTTPS SOAP endpoint (not shown in the post)

// Plain curl against the same URL succeeds.
exec('curl ' + url, function(err, res) {
    log(err); // null
    log(res); // expected response
});

// request (promisified with bluebird) fails with the EPROTO error.
request.postAsync({
    url,
    rejectUnauthorized: false,
    requestCert: true, // server-side option; has no effect on a client request
}).then(val => {
    log(val);
}).catch(err => {
    log(err); // above error message
});

// node-soap fails with the same EPROTO error.
soap.createClientAsync(url).then(val => {
    log(val);
}).catch(err => {
    log(err); // above error message
});

I've tested on the following versions:

Node 4.4.0 and 5.8.0; Ubuntu Server 14.04 and Ubuntu 15.04 Desktop

The openssl version is OpenSSL 1.0.2f 28 Jan 2016

Can someone help me? Is it possible to make this work somehow?

Answer 1:

Most likely the server is trying to use less secure Diffie-Hellman keys during the TLS handshake. The only fix is for the server administrators to upgrade/fix their software.



Answer 2:

Please note that you should not do this, as it is considered insecure - but if there's no other way you can set the --tls-cipher-list flag and enable the ciphers you need - e.g.:

node --tls-cipher-list="EXP-EDH-RSA-DES-CBC-SHA" index.js

Especially EXP should not be used, just as ssl_v3 in general. So better stick to @mscdex's answer...

You can read more about this in the tls documentation: https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite

The last part from the docs about this:

Note that the default cipher suite included within Node.js has been carefully selected to reflect current security best practices and risk mitigation. Changing the default cipher suite can have a significant impact on the security of an application. The --tls-cipher-list switch should be used only if absolutely necessary.



Tags: node.js ssl