diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index d857717dabae15..120dce5784b27b 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -99,7 +99,11 @@ exports.createSecureContext = function createSecureContext(options, context) {
   else if (options.ecdhCurve)
     c.context.setECDHCurve(options.ecdhCurve);
 
-  if (options.dhparam) c.context.setDHParam(options.dhparam);
+  if (options.dhparam) {
+    var warning = c.context.setDHParam(options.dhparam);
+    if (warning)
+      console.trace(warning);
+  }
 
   if (options.crl) {
     if (Array.isArray(options.crl)) {
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index ff3558e034505b..1ec475cb4f362f 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -757,11 +757,13 @@ void SecureContext::SetDHParam(const FunctionCallbackInfo<Value>& args) {
   if (dh == nullptr)
     return;
 
-  const int keylen = BN_num_bits(dh->p);
-  if (keylen < 1024)
+  const int size = BN_num_bits(dh->p);
+  if (size < 1024) {
     return env->ThrowError("DH parameter is less than 1024 bits");
-  else if (keylen < 2048)
-    fprintf(stderr, "WARNING: DH parameter is less than 2048 bits\n");
+  } else if (size < 2048) {
+    args.GetReturnValue().Set(FIXED_ONE_BYTE_STRING(
+        env->isolate(), "WARNING: DH parameter is less than 2048 bits"));
+  }
 
   SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_DH_USE);
   int r = SSL_CTX_set_tmp_dh(sc->ctx_, dh);