diff --git a/.ruby-version b/.ruby-version
index 00355e29d..35cee72dc 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.7
+2.4.3
diff --git a/Dockerfile b/Dockerfile
index bd0cbc07b..b5871bfed 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM internetee/ruby:2.3
+FROM internetee/ruby:2.4
 MAINTAINER maciej.szlosarczyk@internet.ee
 RUN mkdir -p /opt/webapps/app/tmp/pids
diff --git a/lib/auth_token/auth_token_creator.rb b/lib/auth_token/auth_token_creator.rb
index 9fff8e5cd..741cc3e8a 100644
--- a/lib/auth_token/auth_token_creator.rb
+++ b/lib/auth_token/auth_token_creator.rb
@@ -26,7 +26,10 @@ class AuthTokenCreator
   def encrypted_token
     encryptor = OpenSSL::Cipher::AES.new(256, :CBC)
     encryptor.encrypt
-    encryptor.key = key
+
+    # OpenSSL used to automatically shrink oversized keys, it does not do that any longer.
+    # See: https://github.com/ruby/openssl/issues/116
+    encryptor.key = key[0..31]
     encrypted_bytes = encryptor.update(hashable) + encryptor.final
     Base64.urlsafe_encode64(encrypted_bytes)
   end
diff --git a/lib/auth_token/auth_token_decryptor.rb b/lib/auth_token/auth_token_decryptor.rb
index be6bd99cd..acd67be99 100644
--- a/lib/auth_token/auth_token_decryptor.rb
+++ b/lib/auth_token/auth_token_decryptor.rb
@@ -16,7 +16,10 @@ class AuthTokenDecryptor
   def decrypt_token
     decipher = OpenSSL::Cipher::AES.new(256, :CBC)
     decipher.decrypt
-    decipher.key = key
+
+    # OpenSSL used to automatically shrink oversized keys, it does not do that any longer.
+    # See: https://github.com/ruby/openssl/issues/116
+    decipher.key = key[0..31]
     base64_decoded = Base64.urlsafe_decode64(token.to_s)
     plain = decipher.update(base64_decoded) + decipher.final
diff --git a/test/lib/auth_token/auth_token_creator_test.rb b/test/lib/auth_token/auth_token_creator_test.rb
index 9d4cdd2c6..0465de9f4 100644
--- a/test/lib/auth_token/auth_token_creator_test.rb
+++ b/test/lib/auth_token/auth_token_creator_test.rb
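Review bot: `encryptor.key = key[0..31]` in encrypted_token slices by character rather than by byte and hard-codes the AES-256 key length, so if `key` ever arrives with a non-binary encoding (the hunk does not show where `key` is built) the slice can hold fewer than 32 bytes and `key=` raises. Prefer `encryptor.key = key.byteslice(0, encryptor.key_len)`, which ties the slice to the cipher constructed two lines above; the same applies to `decipher.key = key[0..31]` in auth_token_decryptor.rb. Note also that auth_token_creator_test.rb shrinks `@random_bytes` from 64 to 32 bytes in this commit, so the oversized-key case the new comment describes is no longer exercised by that test; keeping a 64-byte fixture and asserting that creator and decryptor still round-trip with it would pin the behaviour this change exists to preserve.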
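Review bot: decrypt_token (and the matching encrypted_token) never sets an IV on the freshly built cipher before calling `update`, so AES-CBC runs with the bindings' default IV (all zeros in Ruby's OpenSSL) and the token carries no integrity check: a modified `base64_decoded` is rejected only if `decipher.final` happens to fail its padding check, and equal plaintexts produce equal tokens. This predates the commit, but since key handling is being reworked here it is the natural moment to switch to an AEAD construction — `OpenSSL::Cipher.new('aes-256-gcm')` with a random per-token IV stored next to the ciphertext and the `auth_tag` verified before the plaintext is used — or at minimum an HMAC over the token checked before decryption. The body of decrypt_token continues outside the hunk, so any handling of `OpenSSL::Cipher::CipherError` or of the `ArgumentError` that `urlsafe_decode64` raises on malformed input may live there.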
@@ -8,7 +8,7 @@ class AuthTokenCreatorTest < ActiveSupport::TestCase
     @user = users(:registrant)
     time = Time.zone.parse('2010-07-05 00:30:00 +0000')
-    @random_bytes = SecureRandom.random_bytes(64)
+    @random_bytes = SecureRandom.random_bytes(32)
     @token_creator = AuthTokenCreator.new(@user, @random_bytes, time)
   end