From 7d0b4a4a07d01b4800833a635510c297b863bad7 Mon Sep 17 00:00:00 2001
From: Peter Powell <petpow@saberuk.com>
Date: Tue, 20 Oct 2015 15:16:52 +0100
Subject: [PATCH] Generate a 2048-bit dhparams unless explicitly specified.

---
 make/opensslcert.pm | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/make/opensslcert.pm b/make/opensslcert.pm
index 1bf27df15..20da704f7 100644
--- a/make/opensslcert.pm
+++ b/make/opensslcert.pm
@@ -46,6 +46,7 @@ sub make_openssl_cert()
 	my $state = promptstring_s('What state are you located in?', 'Example State');
 	my $country = promptstring_s('What is the ISO 3166-1 code for the country you are located in?', 'XZ');
 	my $time = promptstring_s('How many days do you want your certificate to be valid for?', '365');
+	my $use_1024 = promptstring_s('Do you want to generate less secure dhparams which are compatible with old versions of Java?', 'n');
 	print FH <<__END__;
 $country
 $state
@@ -56,8 +57,9 @@ $commonname
 $email
 __END__
 close(FH);
-system("cat openssl.template | openssl req -x509 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem -days $time 2>/dev/null");
-system("openssl dhparam -out dhparams.pem 1024");
+my $dhbits = $use_1024 =~ /^(1|on|true|yes|y)$/ ? 1024 : 2048;
+system("cat openssl.template | openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days $time 2>/dev/null");
+system("openssl dhparam -out dhparams.pem $dhbits");
 unlink("openssl.template");
 }
 
-- 
2.39.5