2 files changed, 12 insertions, 12 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 7387a2d8ed..23f5fff885 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.3 2014/09/16 16:05:44 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.4 2014/10/01 13:15:40 sthen Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: September 16 2014 $
+.Dd $Mdocdate: October 1 2014 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -5583,7 +5583,7 @@ This gives the
 to write the newly created private key to.
 If this option is not specified, the filename present in the
 configuration file is used.
-.It Fl md4 | md5 | sha1
+.It Fl md5 | sha1 | sha256
 This specifies the message digest to sign the request with.
 This overrides the digest algorithm specified in the configuration file.
 .Pp
@@ -5774,7 +5774,7 @@ They are currently ignored by
 request signing utilities, but some CAs might want them.
 .It Ar default_bits
 This specifies the default key size in bits.
-If not specified, 512 is used.
+If not specified, 2048 is used.
 It is used if the
 .Fl new
 option is used.
@@ -5790,10 +5790,11 @@ option.
 .It Ar default_md
 This option specifies the digest algorithm to use.
 Possible values include
-.Ar md5
+.Ar md5 ,
+.Ar sha1
 and
-.Ar sha1 .
-If not present, MD5 is used.
+.Ar sha256 .
+If not present, SHA256 is used.
 This option can be overridden on the command line.
 .It Ar distinguished_name
 This specifies the section containing the distinguished name fields to
diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 98f3e1d84c..99f10ecde0 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.2 2014/08/28 14:23:52 jsing Exp $ */
+/* $OpenBSD: req.c,v 1.3 2014/10/01 13:15:40 sthen Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -97,7 +97,7 @@
 #define STRING_MASK     "string_mask"
 #define UTF8_IN         "utf8"
 
-#define DEFAULT_KEY_LENGTH      512
+#define DEFAULT_KEY_LENGTH      2048
 #define MIN_KEY_LENGTH          384
 
 
@@ -184,9 +184,8 @@ req_main(int argc, char **argv)
         unsigned long chtype = MBSTRING_ASC;
 
         req_conf = NULL;
-#ifndef OPENSSL_NO_DES
-        cipher = EVP_des_ede3_cbc();
-#endif
+        cipher = EVP_aes_256_cbc();
+        digest = EVP_sha256();
 
         infile = NULL;
         outfile = NULL;