diff --git a/debian/changelog b/debian/changelog
index 6fa43ea..2d76138 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,9 @@
   * Fix renegiotation when using TLS > 1.0.  This breaks tor.  Patch from
     upstream.  (Closes: #675990)
   * Enable the padlock engine by default.
-
- -- Kurt Roeckx <kurt@roeckx.be>  Wed, 06 Jun 2012 00:47:56 +0200
+  * Change default bits from 1024 to 2048 (Closes: #487152)
+
+ -- Kurt Roeckx <kurt@roeckx.be>  Wed, 06 Jun 2012 00:55:42 +0200
 
 openssl (1.0.1c-1) unstable; urgency=high
 
diff --git a/debian/patches/default_bits.patch b/debian/patches/default_bits.patch
new file mode 100644
index 0000000..8e7e416
--- /dev/null
+++ b/debian/patches/default_bits.patch
@@ -0,0 +1,11 @@
+--- openssl/apps/openssl.cnf	2012-06-06 00:51:47.000000000 +0200
++++ openssl/apps/openssl.cnf	2012-06-06 00:53:48.000000000 +0200
+@@ -105,7 +105,7 @@
+ 
+ ####################################################################
+ [ req ]
+-default_bits		= 1024
++default_bits		= 2048
+ default_keyfile 	= privkey.pem
+ distinguished_name	= req_distinguished_name
+ attributes		= req_attributes
diff --git a/debian/patches/series b/debian/patches/series
index 6fb8d5c..63d8bbf 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,4 @@
 c_rehash-multi.patch
 renegiotate_tls.patch
 padlock_conf.patch
+default_bits.patch