When using Zabbix on a Centos8/RHEL8 machine the following error occurred whil trying to monitor an HTTPS-website via the build in web scenarieos:
(35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
The error itself also shows up when trying to use curl to connect to the website:
$ curl -D - https://<some-legacy-website-> -k curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
That error occurs if the server uses an older cipher-suite that’s considered unsafe by the default crypto policy used in Centos8/RHEL8.
To work around that problem, the legacy cipher suites must be enabled by:
# update-crypto-policies --set LEGACY
Although a restart is recommended after issuing the command, for me it also worked without the need of issuing a reboot.