diff --git a/defaults.h b/defaults.h
index 86ae033..7a584fc 100644
--- a/defaults.h
+++ b/defaults.h
@@ -80,7 +80,7 @@
 * OpenSSL security level of 2+ does not accept key size of 1024 bits, giving
 * a "key too small" error while loading forged cert into SSL ctx.
 */
-#define DFLT_LEAFKEY_RSABITS 1024
+#define DFLT_LEAFKEY_RSABITS 2048
 #endif /* !DEFAULTS_H */
diff --git a/sslproxy.1 b/sslproxy.1
index 8e3f937..3ffff62 100644
--- a/sslproxy.1
+++ b/sslproxy.1
@@ -287,7 +287,7 @@ no matching certificate in the provided certificate directory.
 .TP
 .B \-K \fIpemfile\fP
 Use private key from \fIpemfile\fP for the leaf certificates forged on-the-fly.
-If \fB-K\fP is not given, SSLproxy will generate a random 1024-bit RSA key.
+If \fB-K\fP is not given, SSLproxy will generate a random 2048-bit RSA key.
 .TP
 .B \-l \fIlogfile\fP
 Log connections to \fIlogfile\fP in a single line per connection format,
diff --git a/sslproxy.conf b/sslproxy.conf
index afa9811..ac83dbb 100644
--- a/sslproxy.conf
+++ b/sslproxy.conf
@@ -93,8 +93,8 @@ CAKey /etc/sslproxy/ca.key
 #Ciphers MEDIUM:HIGH
 # Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
-# (default: 1024)
-#LeafKeyRSABits 1024
+# (default: 2048)
+#LeafKeyRSABits 2048
 # OpenSSL engine to activate, either ID or full path to shared library
 # Equivalent to -x command line option
diff --git a/sslproxy.conf.5 b/sslproxy.conf.5
index 9df63ed..5477a9b 100644
--- a/sslproxy.conf.5
+++ b/sslproxy.conf.5
@@ -141,7 +141,7 @@ Default: ALL:-aNULL
 \fBLeafKeyRSABits NUMBER\fR
 Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
 .br
-Default: 1024
+Default: 2048
 .TP
 \fBOpenSSLEngine STRING\fR
 The OpenSSL engine to activate. Equivalent to -x command line option.
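Review bot: The comment above `DFLT_LEAFKEY_RSABITS` in defaults.h explains that 1024-bit keys are rejected at OpenSSL security level 2+, but the lines visible here do not say that the default has to stay at 2048 or higher for that reason; a closing line such as ` * Keep the default at 2048 or above so the forged leaf key loads at security level 2+.` would make the constraint explicit. The comment starts outside the hunk, so it may already say this. The sslproxy.conf and sslproxy.conf.5 hunks still list 1024 among the accepted `LeafKeyRSABits` values with no caveat. By the same comment, a config that sets `LeafKeyRSABits 1024` explicitly would presumably still hit the "key too small" error, so a short note next to the value list would spare users that failure.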