diff --git a/.travis.yml b/.travis.yml
index 97be2f5c..58c376b5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,6 +9,7 @@ go:
 env:
 global:
 - BUILD_DEPTYPE=gomod
+ - LIBP2P_ALLOW_WEAK_RSA_KEYS=1
 matrix:
 - GOTFLAGS="-race"
 - GOTFLAGS="-race -tags=openssl"
diff --git a/crypto/rsa_common.go b/crypto/rsa_common.go
index d50651f2..c7e30543 100644
--- a/crypto/rsa_common.go
+++ b/crypto/rsa_common.go
@@ -1,10 +1,25 @@
 package crypto
 import (
- "errors"
+ "fmt"
+ "os"
 )
+// WeakRsaKeyEnv is an environment variable which, when set, lowers the
+// minimum required bits of RSA keys to 512. This should be used exclusively in
+// test situations.
+const WeakRsaKeyEnv = "LIBP2P_ALLOW_WEAK_RSA_KEYS"
+
+var MinRsaKeyBits = 2048
+
 // ErrRsaKeyTooSmall is returned when trying to generate or parse an RSA key
-// that's smaller than 512 bits. Keys need to be larger enough to sign a 256bit
-// hash so this is a reasonable absolute minimum.
-var ErrRsaKeyTooSmall = errors.New("rsa keys must be >= 512 bits to be useful")
+// that's smaller than MinRsaKeyBits bits. In test
+var ErrRsaKeyTooSmall error
+
+func init() {
+ if _, ok := os.LookupEnv(WeakRsaKeyEnv); ok {
+ MinRsaKeyBits = 512
+ }
+
+ ErrRsaKeyTooSmall = fmt.Errorf("rsa keys must be >= %d bits to be useful", MinRsaKeyBits)
+}
diff --git a/crypto/rsa_go.go b/crypto/rsa_go.go
index e9813779..023588ef 100644
--- a/crypto/rsa_go.go
+++ b/crypto/rsa_go.go
@@ -27,7 +27,7 @@ type RsaPublicKey struct {
 // GenerateRSAKeyPair generates a new rsa private and public key
 func GenerateRSAKeyPair(bits int, src io.Reader) (PrivKey, PubKey, error) {
- if bits < 512 {
+ if bits < MinRsaKeyBits {
 return nil, nil, ErrRsaKeyTooSmall
 }
 priv, err := rsa.GenerateKey(src, bits)
@@ -102,7 +102,7 @@ func UnmarshalRsaPrivateKey(b []byte) (PrivKey, error) {
 if err != nil {
 return nil, err
 }
- if sk.N.BitLen() < 512 {
+ if sk.N.BitLen() < MinRsaKeyBits {
 return nil, ErrRsaKeyTooSmall
 }
 return &RsaPrivateKey{sk: *sk}, nil
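Review bot: In .travis.yml the new `LIBP2P_ALLOW_WEAK_RSA_KEYS=1` sits under `env.global`, so every job in the matrix runs with the 512-bit floor and none runs with the 2048-bit default that a normal build gets. Unless a test resets `MinRsaKeyBits` itself, the rejection path for keys between 512 and 2047 bits is never exercised in CI. I would set the variable per matrix entry instead and add one entry without it, so the production minimum is covered.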
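Review bot: In crypto/rsa_common.go, `init()` uses `os.LookupEnv`, which only tests for presence, so `LIBP2P_ALLOW_WEAK_RSA_KEYS=0` or an empty value also lowers the minimum to 512 bits; comparing the value, for example `if os.Getenv(WeakRsaKeyEnv) == "1" {`, avoids an accidental downgrade. `MinRsaKeyBits` is an exported, mutable variable with no doc comment: any importing package can lower it at run time, and because the message of `ErrRsaKeyTooSmall` is formatted once in `init()` it would then report a stale number. The rewritten comment on `ErrRsaKeyTooSmall` also stops mid-sentence at `In test`; I would finish it as `// that's smaller than MinRsaKeyBits bits. In tests the minimum can be lowered to 512 via WeakRsaKeyEnv.`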
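Review bot: The doc comment on `GenerateRSAKeyPair` in crypto/rsa_go.go (hunk at line 27) does not mention the size check, although callers asking for fewer than 2048 bits now get `ErrRsaKeyTooSmall` where they previously got a key. I would extend it to `// GenerateRSAKeyPair generates a new rsa private and public key. It returns ErrRsaKeyTooSmall if bits is less than MinRsaKeyBits.` The same comment applies to the `GenerateRSAKeyPair` hunk in crypto/rsa_openssl.go. The function body continues outside the hunk.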
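Review bot: `UnmarshalRsaPrivateKey` (hunk at line 102) now rejects stored private keys whose modulus is between 512 and 2047 bits, so an identity persisted by an earlier version may fail to load, and nothing in the function says so. The only way to load such a key is `WeakRsaKeyEnv`, which is process-wide and, judging by the other hunks, also lowers the floor for public keys that are parsed and for newly generated keys. I would document this on the function, for example `// Keys with a modulus shorter than MinRsaKeyBits are rejected with ErrRsaKeyTooSmall, including keys written by earlier versions.` The function starts outside the hunk.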
@@ -118,7 +118,7 @@ func UnmarshalRsaPublicKey(b []byte) (PubKey, error) {
 if !ok {
 return nil, errors.New("not actually an rsa public key")
 }
- if pk.N.BitLen() < 512 {
+ if pk.N.BitLen() < MinRsaKeyBits {
 return nil, ErrRsaKeyTooSmall
 }
 return &RsaPublicKey{*pk}, nil
diff --git a/crypto/rsa_openssl.go b/crypto/rsa_openssl.go
index 96c55886..913dead6 100644
--- a/crypto/rsa_openssl.go
+++ b/crypto/rsa_openssl.go
@@ -21,7 +21,7 @@ type RsaPublicKey struct {
 // GenerateRSAKeyPair generates a new rsa private and public key
 func GenerateRSAKeyPair(bits int, _ io.Reader) (PrivKey, PubKey, error) {
- if bits < 512 {
+ if bits < MinRsaKeyBits {
 return nil, nil, ErrRsaKeyTooSmall
 }
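Review bot: `UnmarshalRsaPublicKey` (hunk at line 118) enforces only a lower bound on `pk.N.BitLen()`, so an arbitrarily large modulus is still accepted. If `b` can come from a remote peer, which the hunk does not show, an oversized key makes every later signature verification expensive and is a cheap way to burn CPU on the receiving side. I would add an upper bound next to the new check, using a new constant (say `maxRsaKeyBits`): `if bits := pk.N.BitLen(); bits < MinRsaKeyBits || bits > maxRsaKeyBits {`, with its own error value so callers can tell the two cases apart. The function starts outside the hunk.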