when 4096 bits is used, the client and the server can authenticate each other,
then I just change the length from 4096 (the default) to 1024, both claimed the other party is fake (not authentic).

I just ran the tests (of all parameters, including 1024) on the latest version of Node, and everything completes successfully. Would you mind posting some test code that gives you the issues? I'm closing this for now since the tests show that the 1024 bit parameters are working, but please re-open when you have code that demonstrates the issue. Thanks!

Sorry, just I rechecked my code, I found that I always initialized the server object with the default 4096, so when the client changed to 1024bits, they wouldn't match. Sorry for your time and effort for this issue. And thanks, now, I know I can just use 1024bits since it works.