[Bug]: --ssl-insecure does not allow small diffie-hellman keys

[MisterMountain]

Please try to fill out as much of the information below as you can. Thank you!

• Yes, I've searched similar issues on GitHub and didn't find any.

Which version contains the bug?

4.0.0

Describe the bug

Hello,

as i am testing the monitoring plugin for my environment it looks like i need to use the --ssl-insecure flag, as i have an self-signed certificate in my chain:
root@icinga2:/usr/lib/nagios/plugins# ./check_brevisone.py -H smsgw1.invalid.local UNKNOWN - Could not connect to SMS Gateway <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:992)>
However, when i added the flag it still not lets me do the check due to a small key:
root@icinga2:/usr/lib/nagios/plugins# ./check_brevisone.py -H smsgw1.invalid.local --ssl-insecure UNKNOWN - Could not connect to SMS Gateway <urlopen error [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:992)>

For my understanding flags like --ssl-insecure should also allow using the plugin in environments with problems like this.

How to recreate the bug?

No response

[martialblog]

We can probably adjust the SSLContext with ctx.set_ciphers to make it even less secure