diff --git a/crypto-utils.spec b/crypto-utils.spec
index 500c960..0cf2874 100644
--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.4.1
-Release: 44%{?dist}
+Release: 45%{?dist}
 Group: Applications/System
 # certwatch.c is GPLv2
 # pemutil.c etc are (MPLv1.1+ or GPLv2+ or LPGLv2+)
@@ -135,6 +135,10 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt
 
 %changelog
+* Wed Jan 22 2014 Joe Orton <jorton@redhat.com> - 2.4.1-45
+- keyutil: use SHA1 as default hash in created certs (#921117)
+- genkey: default to 2048 bit keysize (#986788)
+
 * Fri Aug  9 2013 Joe Orton <jorton@redhat.com> - 2.4.1-44
 - fix License, fix debuginfo generation (#915705)
 
diff --git a/genkey.pl b/genkey.pl
index 195c096..909f5d1 100644
--- a/genkey.pl
+++ b/genkey.pl
@@ -526,8 +526,8 @@ EOT
     my $listbox = Newt::Listbox(5, 0);
     my $text = Newt::Textbox(70, 6, 0, $title);
     my @listitems = ("512 (insecure)",
-		     "1024 (medium-grade, fast speed) [RECOMMENDED]",
-		     "2048 (high-security, medium speed)",
+		     "1024 (medium-grade, fast speed)",
+		     "2048 (high-security, medium speed) [RECOMMENDED]",
 		     "4096 (paranoid-security, tortoise speed)",
 		     "Choose your own");
 
@@ -537,7 +537,7 @@ EOT
     $panel->Add(0, 1, $listbox, 0, 0, 1);
     $panel->Add(0, 2, NextBackCancelButton());
     
-    Newt::newtListboxSetCurrent($listbox->{co}, 1);
+    Newt::newtListboxSetCurrent($listbox->{co}, 2);
 
     $panel->Draw();
 
diff --git a/keyutil.c b/keyutil.c
index 1f50d40..e996c51 100644
--- a/keyutil.c
+++ b/keyutil.c
@@ -1522,7 +1522,7 @@ static int keyutil_main(
     keyutil_extns[ext_policyConstr] = PR_FALSE;
     keyutil_extns[ext_inhibitAnyPolicy] = PR_FALSE;
 
-    hashAlgTag = SEC_OID_MD5;
+    hashAlgTag = SEC_OID_SHA1;
 
     /*  Make a cert request */
     rv = CertReq(privkey, pubkey, rsaKey, hashAlgTag, subject,