Comment 7 for bug 1822984

Dimitri John Ledkov (xnox) wrote :

Generated a new weak key and cert, tried to use them with current cosmic's openssl, and succeeded:

# openssl genrsa -des3 -out myCA.key 600
# openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
# openssl s_server -cert myCA.pem -key myCA.key -WWW

# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:18:41-- https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
HTTP request sent, awaiting response... 200 ok
Length: unspecified [text/plain]
Saving to: 'index.html.2'

index.html.2 [ <=> ] 237 --.-KB/s in 0s

2019-04-11 16:18:41 (15.6 MB/s) - 'index.html.2' saved [237]

# dpkg -l | grep libssl
ii libssl1.1:amd64 1.1.1-1ubuntu2

Upgraded to:
# dpkg -l | grep libssl
ii libssl1.1:amd64 1.1.1-1ubuntu2.2

And now wget fails with a too-small-key error, whilst the s_server is still running:

# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:20:09-- https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
ERROR: cannot verify localhost's certificate, issued by 'CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU':
  EE certificate key too weak
To connect to localhost insecurely, use `--no-check-certificate'.
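
Added example, not part of the comment above and not Ubuntu's or OpenSSL's code: a check that can be run over certificates before such an upgrade to find RSA keys that would trip "EE certificate key too weak". The helper name `audit_cert_text`, the 1024-bit minimum and the sample certificate text are assumptions; set the minimum to whatever your OpenSSL build enforces.

```shell
#!/bin/sh
# Added example, not from the bug comment. audit_cert_text is a hypothetical helper.
# Reads `openssl x509 -noout -text` output for one or more certificates on stdin
# and flags RSA keys shorter than MIN_BITS. Returns 1 if any weak RSA key is found.
# Real use: openssl x509 -in myCA.pem -noout -text | audit_cert_text 1024
audit_cert_text() {
    awk -v min="$1" '
        # Remember the most recent subject so findings can be attributed.
        /^[ \t]*Subject:/ { subject = $0; sub(/^[ \t]*Subject:[ \t]*/, "", subject) }
        # Bit lengths are only comparable to an RSA minimum for RSA keys.
        /Public Key Algorithm:/ { rsa = ($0 ~ /rsaEncryption/) }
        # Matches "RSA Public-Key: (N bit)" and the newer "Public-Key: (N bit)".
        /Public-Key: \([0-9]+ bit\)/ {
            bits = $0
            sub(/^.*Public-Key: \(/, "", bits)
            sub(/ bit\).*$/, "", bits)
            if (!rsa) { printf "SKIP non-RSA key: %s\n", subject; next }
            if (bits + 0 < min + 0) { weak++; printf "WEAK %d-bit RSA key: %s\n", bits, subject }
            else printf "OK %d-bit RSA key: %s\n", bits, subject
        }
        END { if (weak > 0) exit 1 }
    '
}

# Constructed sample: trimmed text dumps of three certificates (600-bit RSA as
# in the comment above, a 256-bit EC key, and a 2048-bit RSA key).
SAMPLE_CERT_TEXT='        Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (600 bit)
        Subject: CN = ec.example.test
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
        Subject: CN = strong.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

printf '%s\n' "$SAMPLE_CERT_TEXT" | audit_cert_text 1024 \
    || echo "at least one RSA key is below the minimum"
```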