|  | @@ -351,18 +351,18 @@ function regenerate_dh_keys {
 | 
	
		
			
			| 351 | 351 |        dialog --backtitle "Freedombone Security Configuration" \
 | 
	
		
			
			| 352 | 352 |               --title "Diffie-Hellman key length" \
 | 
	
		
			
			| 353 | 353 |               --radiolist "The smaller length is better suited to low power embedded systems:" 12 40 3 \
 | 
	
		
			
			| 354 |  | -             1 "1024 bits (WARNING: this may be insecure)" off \
 | 
	
		
			
			| 355 |  | -             2 "2048 bits" on \
 | 
	
		
			
			| 356 |  | -             3 "3072 bits" off 2> $data
 | 
	
		
			
			|  | 354 | +             1 "2048 bits" off \
 | 
	
		
			
			|  | 355 | +             2 "3072 bits" on \
 | 
	
		
			
			|  | 356 | +             3 "4096 bits" off 2> $data
 | 
	
		
			
			| 357 | 357 |        sel=$?
 | 
	
		
			
			| 358 | 358 |        case $sel in
 | 
	
		
			
			| 359 | 359 |            1) exit 1;;
 | 
	
		
			
			| 360 | 360 |            255) exit 1;;
 | 
	
		
			
			| 361 | 361 |        esac
 | 
	
		
			
			| 362 | 362 |        case $(cat $data) in
 | 
	
		
			
			| 363 |  | -          1) DH_KEYLENGTH=1024;;
 | 
	
		
			
			| 364 |  | -          2) DH_KEYLENGTH=2048;;
 | 
	
		
			
			| 365 |  | -          3) DH_KEYLENGTH=3072;;
 | 
	
		
			
			|  | 363 | +          1) DH_KEYLENGTH=2048;;
 | 
	
		
			
			|  | 364 | +          2) DH_KEYLENGTH=3072;;
 | 
	
		
			
			|  | 365 | +          3) DH_KEYLENGTH=4096;;
 | 
	
		
			
			| 366 | 366 |        esac
 | 
	
		
			
			| 367 | 367 |  
 | 
	
		
			
			| 368 | 368 |        ctr=0
 | 
	
	
		
			
			|  | @@ -371,7 +371,7 @@ function regenerate_dh_keys {
 | 
	
		
			
			| 371 | 371 |            if [[ -f $file ]]; then
 | 
	
		
			
			| 372 | 372 |                filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam
 | 
	
		
			
			| 373 | 373 |                if [ -f $filename ]; then
 | 
	
		
			
			| 374 |  | -                  openssl dhparam -check -text -5 $DH_KEYLENGTH -out $filename
 | 
	
		
			
			|  | 374 | +                  openssl dhparam -check -text -dsaparam $DH_KEYLENGTH -out $filename
 | 
	
		
			
			| 375 | 375 |                    ctr=$((ctr + 1))
 | 
	
		
			
			| 376 | 376 |                fi
 | 
	
		
			
			| 377 | 377 |            fi
 |