RT2626: Change default_bits from 1K to 2K

This is a more comprehensive fix. It changes all keygen apps to use 2K keys. It also changes the default to use SHA256 not SHA1. This is from Kurt's upstream Debian changes. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
author: Kurt Roeckx <kurt@roeckx.be> 2014-09-08 17:14:36 -0400
committer: Rich Salz <rsalz@openssl.org> 2014-09-08 17:21:04 -0400
commit: 44e0c2bae4bfd87d770480902618dbccde84fd81 (patch)
tree: fec922dd02ccada0d46acea1710604171a5633d8 /apps/dhparam.c
parent: 5f855569c452262a8770ed822c7f98f5fac3e3d6 (diff)
download: openssl-44e0c2bae4bfd87d770480902618dbccde84fd81.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/dhparam.c b/apps/dhparam.c
index f5d7126af7..606365e180 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -130,7 +130,7 @@
 #undef PROG
 #define PROG	dhparam_main
 
-#define DEFBITS	512
+#define DEFBITS	2048
 
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
@@ -253,7 +253,7 @@ bad:
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
 		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
-		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+		BIO_printf(bio_err," numbits       number of bits in to generate (default 2048)\n");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
author	Kurt Roeckx <kurt@roeckx.be>	2014-09-08 17:14:36 -0400
committer	Rich Salz <rsalz@openssl.org>	2014-09-08 17:21:04 -0400
commit	44e0c2bae4bfd87d770480902618dbccde84fd81 (patch)
tree	fec922dd02ccada0d46acea1710604171a5633d8 /apps/dhparam.c
parent	5f855569c452262a8770ed822c7f98f5fac3e3d6 (diff)
download	openssl-44e0c2bae4bfd87d770480902618dbccde84fd81.tar.gz