diff --git a/contrib/src/opendht/rules.mak b/contrib/src/opendht/rules.mak
index 6916be11e07a8c85dc692ac0d294b92878fe1ccb..bd677979a7cf64cc422f8bfe5570dacbb413dc44 100644
--- a/contrib/src/opendht/rules.mak
+++ b/contrib/src/opendht/rules.mak
@@ -1,5 +1,5 @@
 # OPENDHT
-OPENDHT_VERSION := 7729f9e283b19b7b0f2cba67490a6fc985fce57a
+OPENDHT_VERSION := ac13795db0a606c8d03b609956fd4578411cf7f6
 OPENDHT_URL := https://github.com/savoirfairelinux/opendht/archive/$(OPENDHT_VERSION).tar.gz
 
 PKGS += opendht
diff --git a/src/client/configurationmanager.cpp b/src/client/configurationmanager.cpp
index 41a035cc6030d0bea671ca9aeefb07f8c0122fa9..cba780c1a409e3751e5d0071b173caa3b2006405 100644
--- a/src/client/configurationmanager.cpp
+++ b/src/client/configurationmanager.cpp
@@ -156,7 +156,7 @@ validateCertificatePath(const std::string&,
 {
 #if HAVE_TLS && HAVE_DHT
     try {
-        return TlsValidator{certificate, privateKey, caList}.getSerializedChecks();
+        return TlsValidator{certificate, privateKey, "", caList}.getSerializedChecks();
     } catch(const std::runtime_error& e) {
         RING_WARN("Certificate loading failed: %s", e.what());
         return {{Certificate::ChecksNames::EXIST, Certificate::CheckValuesNames::FAILED}};
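Review bot: The hard-coded empty password in `TlsValidator{certificate, privateKey, "", caList}` leaves validateCertificatePath with no way to check a password-protected key. Judging by the constructor change in src/security/tlsvalidator.cpp, such a key would take the DecryptError path and be reported as present and encrypted without ever being parsed. That limit is worth stating at the call site, e.g. `// No password is available here: an encrypted key is detected but never decrypted.` The function's signature and the end of the `#if` block lie outside this hunk.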
diff --git a/src/security/tlsvalidator.cpp b/src/security/tlsvalidator.cpp
index 55345b4db860c5e91fdb26d8c55efb3abaed427a..e6d90d3cf4334e2e66e5045f14e97331cf7eb508 100644
--- a/src/security/tlsvalidator.cpp
+++ b/src/security/tlsvalidator.cpp
@@ -219,7 +219,10 @@ TlsValidator::TlsValidator(const std::vector<std::vector<uint8_t>>& crtChain)
     : TlsValidator(std::make_shared<dht::crypto::Certificate>(crtChain.begin(), crtChain.end()))
 {}
 
-TlsValidator::TlsValidator(const std::string& certificate, const std::string& privatekey, const std::string& caList)
+TlsValidator::TlsValidator(const std::string& certificate,
+                           const std::string& privatekey,
+                           const std::string& privatekeyPasswd,
+                           const std::string& caList)
     : certificatePath_(certificate)
     , privateKeyPath_(privatekey)
     , caListPath_(caList)
@@ -241,8 +244,14 @@ TlsValidator::TlsValidator(const std::string& certificate, const std::string& pr
 
     try {
         privateKeyContent_ = fileutils::loadFile(privateKeyPath_);
-        dht::crypto::PrivateKey key_tmp(privateKeyContent_);
+        dht::crypto::PrivateKey key_tmp(privateKeyContent_, privatekeyPasswd);
         privateKeyFound_ = true;
+        privateKeyPassword_ = not privatekeyPasswd.empty();
+    } catch (const dht::crypto::DecryptError&) {
+        // If we encounter a DecryptError, it means the private key exists and is encrypted,
+        // otherwise we would get some other exception.
+        privateKeyFound_ = true;
+        privateKeyPassword_ = true;
     } catch (const std::exception& e) {
         privateKeyContent_.clear();
     }
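Review bot: `privateKeyPassword_ = not privatekeyPasswd.empty();` records whether the caller supplied a password, not whether the key file on disk is encrypted. If dht::crypto::PrivateKey tolerates a password for an unencrypted key (not visible in this hunk), requirePrivateKeyPassword() would report PASSED for a plaintext key. The DecryptError branch also leaves `privateKeyContent_` populated with data that never parsed, while the generic handler clears it, and a wrong password is indistinguishable from a missing one. A comment in that branch stating both points would help, e.g. `// key content is kept although it could not be decrypted; wrong and missing passwords both land here`. The constructor body continues outside the hunk.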
@@ -933,8 +942,7 @@ TlsValidator::CheckResult TlsValidator::publicKeySelinuxAttributes()
  */
 TlsValidator::CheckResult TlsValidator::requirePrivateKeyPassword()
 {
-    // TODO
-    return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, "");
+    return TlsValidator::CheckResult(privateKeyPassword_ ? CheckValues::PASSED : CheckValues::FAILED, "");
 }
 /**
  * The CA and certificate provide conflicting ownership information
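Review bot: `requirePrivateKeyPassword()` now returns FAILED whenever `privateKeyPassword_` is false, and since that flag defaults to false this presumably includes validators built without any private key (the certificate-chain constructor, or an empty `privatekey` path). A missing key is not the same as an unprotected key, so consumers of the serialized checks may flag a weakness that does not exist. Consider keeping the previous value for that case by adding `if (not privateKeyFound_) return TlsValidator::CheckResult(CheckValues::UNSUPPORTED, "");` before the existing return.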
diff --git a/src/security/tlsvalidator.h b/src/security/tlsvalidator.h
index 9399408b9c6e9a71284055f4c289c606ed003c24..15f9a519094162b496927e95be4e107570c3bb17 100644
--- a/src/security/tlsvalidator.h
+++ b/src/security/tlsvalidator.h
@@ -166,9 +166,13 @@ public:
      * Create a TlsValidator for a given certificate
      * @param certificate The certificate path
      * @param privatekey An optional private key file path
+     * @param privatekeyPasswd An optional private key password
+     * @param caList An optional CA list to use for certificate validation
      */
     TlsValidator(const std::string& certificate,
-                 const std::string& privatekey = "", const std::string& caList = "");
+                 const std::string& privatekey = "",
+                 const std::string& privatekeyPasswd = "",
+                 const std::string& caList = "");
 
     TlsValidator(const std::vector<std::vector<uint8_t>>& certificate_chain_raw);
 
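Review bot: Inserting `privatekeyPasswd` before `caList` while both keep a `""` default silently changes the meaning of every existing three-argument call. `TlsValidator(cert, key, caList)` still compiles, but the CA list path is now taken as the key password and `caList` stays empty, so CA validation input is lost without any diagnostic. This commit updates the caller in src/client/configurationmanager.cpp; callers not shown here would need the same audit. Appending the new parameter last (`const std::string& caList = "", const std::string& privatekeyPasswd = ""`, with the definition in tlsvalidator.cpp changed to match) keeps old calls correct. The `@param privatekeyPasswd` line could also state that an empty string means no password.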
@@ -271,6 +275,8 @@ private:
     bool certificateFileFound_ {false};
     bool certificateFound_;
     bool privateKeyFound_ {false};
+    bool privateKeyPassword_ {false};
+
     TlsValidator* caCert_ {nullptr};
     bool caChecked_ {false};
     unsigned int caValidationOutput_;