diff --git a/doc/SSL.txt b/doc/SSL.txt
index 394894a2..b98c2fbe 100644
--- a/doc/SSL.txt
+++ b/doc/SSL.txt
@@ -51,7 +51,7 @@ OpenSSL:
 Creating a self-signed certificate and key:
  $ openssl req -newkey rsa:2048 -x509 -keyout server-key.pem -out server-cert.pem -days 1461
 Create DH parameters (optional):
- $ openssl dhparam -2 -out dhparams.pem 2048
+ $ openssl dhparam -2 -out dhparams.pem 4096
 GnuTLS:
@@ -59,7 +59,7 @@ Creating a self-signed certificate and key:
  $ certtool --generate-privkey --bits 2048 --outfile server-key.pem
  $ certtool --generate-self-signed --load-privkey server-key.pem --outfile server-cert.pem
 Create DH parameters (optional):
- $ certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
+ $ certtool --generate-dh-params --bits 4096 --outfile dhparams.pem
 Alternate approach using stunnel(1)
diff --git a/src/ngircd/conn-ssl.c b/src/ngircd/conn-ssl.c
index edcc5bd5..7630420d 100644
--- a/src/ngircd/conn-ssl.c
+++ b/src/ngircd/conn-ssl.c
@@ -51,7 +51,7 @@ static bool ConnSSL_LoadServerKey_openssl PARAMS(( SSL_CTX *c ));
 #include
 #include
-#define DH_BITS 1024
+#define DH_BITS 2048
 static gnutls_certificate_credentials_t x509_cred;
 static gnutls_dh_params_t dh_params;
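Review bot: `DH_BITS` in the src/ngircd/conn-ssl.c hunk has no comment saying what it sizes, and its new value of 2048 disagrees with the 4096-bit `dhparam` examples this same commit puts into doc/SSL.txt, with no reason given for the difference. Judging by the adjacent `dh_params` declaration it is presumably the size of the GnuTLS DH parameters the server falls back to when it is not given a parameter file, but the code that uses the macro is outside the hunk, so that needs confirming. If so, I would document it at the define, e.g. `/* Bit size of the built-in fallback DH parameters; doc/SSL.txt recommends supplying 4096-bit parameters from a file. */`. Should those parameters be generated at start-up, the larger size will also lengthen start-up, which deserves a sentence in the commit message.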