Assuming (naively, perhaps!) that the error actually is reporting the problem accurately, and just from general principles, you wouldn't think that a client could modify your hard-coded salt value.

Did you check for some other instance of salt where it's a variable supplied by the client?

I noticed in the module docs that the salt option has something to do with OpenSSL. Could your OpenSSL version have changed in the server switch?

Can you work up a complete broken example?