From d316788244d81eacb980a175a05c650137d19bae Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 8 Jan 2026 18:16:57 -0600
Subject: [PATCH] configure.ac: initialize
 DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 unless user passes in an override
 value, and bump the bump value from 4096 to 8192.  fixes #7929

---
 configure.ac | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 70bc42b18d..cf7f9cc60c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -279,6 +279,11 @@ then
     AM_LDFLAGS="$AM_LDFLAGS -lbacktrace"
 fi
 
+if test "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" = ""
+then
+    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
+fi
+
 # Start without certificates enabled and enable if a certificate algorithm is
 # enabled
 ENABLED_CERTS="no"
@@ -1498,7 +1503,6 @@ then
 
     # Enable DH const table speedups (eliminates `-lm` math lib dependency)
     AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072"
-    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
 
     # Enable all parsing features for ASN */
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL"
@@ -2797,7 +2801,7 @@ fi
 if test "$ENABLED_BUMP" = "yes"
 then
     AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT"
-    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096
+    DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=8192
 fi