From c70498d6bc70698e9e92cb624e75bf8939049dac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Wed, 22 Jul 2015 09:56:04 +0200
Subject: [PATCH] Dot not use weak ciphers.
---
 openssl.cnf | 4 ++--
 shellpki.sh | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/openssl.cnf b/openssl.cnf
index d0df2b6..79aa814 100644
--- a/openssl.cnf
+++ b/openssl.cnf
@@ -13,7 +13,7 @@ private_key = $dir/private.key
 RANDFILE = $dir/.rand
 default_days = 365
 default_crl_days= 365
-default_md = md5
+default_md = sha256
 preserve = no
 policy = policy_match
@@ -26,7 +26,7 @@ commonName = supplied
 emailAddress = supplied
 [ req ]
-default_bits = 1024
+default_bits = 2048
 distinguished_name = req_distinguished_name
 [ req_distinguished_name ]
diff --git a/shellpki.sh b/shellpki.sh
index 39a6f81..0678de7 100755
--- a/shellpki.sh
+++ b/shellpki.sh
@@ -29,7 +29,7 @@ init() {
 if [ ! -f $PREFIX/ca/index.txt ]; then touch $PREFIX/ca/index.txt; fi
 if [ ! -f $PREFIX/files/ca/serial ]; then echo 01 > $PREFIX/ca/serial; fi
-$OPENSSL dhparam -out $PREFIX/ca/dh1024.pem 1024
+$OPENSSL dhparam -out $PREFIX/ca/dh2048.pem 2048
 $OPENSSL genrsa -out $PREFIX/ca/private.key 2048
 $OPENSSL req \
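Review bot: The new `default_md = sha256` in the first openssl.cnf hunk only governs signatures made after this change; certificates and CRLs already signed with MD5 stay valid until they expire or are revoked. The same applies to keys generated under the old 1024-bit default in the `[ req ]` hunk. A comment beside the setting would make the migration step explicit, for example `# applies to new signatures only; re-issue certificates previously signed with md5`. The section holding this setting starts outside the hunk.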
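Review bot: In the second openssl.cnf hunk the `[ req ]` section gets a larger `default_bits`, but the visible lines set no `default_md` there, so `openssl req` falls back to the library's built-in digest, which on older OpenSSL releases is SHA-1. If shellpki.sh creates the CA certificate through `req -x509` (the `$OPENSSL req \` call in the other file suggests it may), that certificate would not pick up the SHA-256 setting from the first hunk. Adding `default_md = sha256` under `[ req ]` closes the gap. The section continues outside the hunk, so confirm it is not already set further down.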
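Review bot: Renaming the output from `dh1024.pem` to `dh2048.pem` in the shellpki.sh hunk changes a path that service configuration may reference, and the diffstat shows no other file updated. Anything still pointing at the old name would keep loading 1024-bit parameters on an existing install, or find no file on a fresh one. `init()` starts and continues outside the hunk, so it is an inference that existing PKIs are not regenerated and keep their old file. A size-neutral name avoids repeating this at the next bump, for example `DH_BITS=2048` followed by `"$OPENSSL" dhparam -out "$PREFIX/ca/dh.pem" "$DH_BITS"`. Quoting the expansions also stops a `PREFIX` containing spaces from splitting.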