diff --git a/CHANGES b/CHANGES
index d72c5f0..0ff63e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,5 @@
 -- release 2.6.1
-
+- enhanced security: replace secpr5121 with secp256r1 for default ECGenParameterSpec
 - enhanced logging: log detailed information and stack trace health check failure
 - enhanced logging: Netty channel handler exception will be logged only when:
     1. run with -debug
diff --git a/src/main/java/org/summerboot/jexpress/security/EncryptorUtil.java b/src/main/java/org/summerboot/jexpress/security/EncryptorUtil.java
index f7fcc69..346d6e3 100644
--- a/src/main/java/org/summerboot/jexpress/security/EncryptorUtil.java
+++ b/src/main/java/org/summerboot/jexpress/security/EncryptorUtil.java
@@ -467,7 +467,7 @@ public static KeyPair generateKeyPairRSA() throws NoSuchAlgorithmException, Inva
     }
 
     public static KeyPair generateKeyPairEC() throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException {
-        return generateKeyPair("EC", 512);
+        return generateKeyPair("EC", 256);// secp256r1 , secp384r1, secp521r1
     }
 
     /**