SummerBootFramework · SummerBootFramework · Aug 16, 2025 · Aug 16, 2025
diff --git a/CHANGES b/CHANGES
@@ -1,5 +1,5 @@
 -- release 2.6.1
-
+- enhanced security: replace secpr5121 with secp256r1 for default ECGenParameterSpec
 - enhanced logging: log detailed information and stack trace health check failure
 - enhanced logging: Netty channel handler exception will be logged only when:
     1. run with -debug

diff --git a/src/main/java/org/summerboot/jexpress/security/EncryptorUtil.java b/src/main/java/org/summerboot/jexpress/security/EncryptorUtil.java
@@ -467,7 +467,7 @@
     }
 
     public static KeyPair generateKeyPairEC() throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException {
-        return generateKeyPair("EC", 512);
+        return generateKeyPair("EC", 256);// secp256r1 , secp384r1, secp521r1
     }
 
     /**
@@ -490,7 +490,7 @@
        switch (keyfactoryAlgorithm.toUpperCase()) {
            case "RSA" -> {
                kpg = KeyPairGenerator.getInstance("RSA");
                kpg.initialize(size);
            }
            case "EC" -> {
                kpg = KeyPairGenerator.getInstance("EC");