diff --git a/appinfo/info.xml b/appinfo/info.xml
index c12fad763ec..e71ae99108c 100644
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@@ -18,7 +18,7 @@
 * 🌉 **Sync with other chat solutions** With [Matterbridge](https://github.com/42wim/matterbridge/) being integrated in Talk, you can easily sync a lot of other chat solutions to Nextcloud Talk and vice-versa.
 ]]></description>
 
-	<version>23.0.0-beta.2</version>
+	<version>23.0.0-beta.2.1</version>
 	<licence>agpl</licence>
 
 	<author>Anna Larch</author>
@@ -89,6 +89,7 @@
 			<step>OCA\Talk\Migration\ClearResourceAccessCache</step>
 			<step>OCA\Talk\Migration\CacheUserDisplayNames</step>
 			<step>OCA\Talk\Migration\FixLastReadMessageZero</step>
+			<step>OCA\Talk\Migration\RegenerateSignalingKeys</step>
 		</post-migration>
 	</repair-steps>
 
diff --git a/composer.lock b/composer.lock
index 5091525b88f..12f64ca1c01 100644
--- a/composer.lock
+++ b/composer.lock
@@ -265,16 +265,16 @@
         },
         {
             "name": "firebase/php-jwt",
-            "version": "v7.0.1",
+            "version": "v7.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/firebase/php-jwt.git",
-                "reference": "81ed59ef42f33a522b5891180df4c743222b8b92"
+                "reference": "5645b43af647b6947daac1d0f659dd1fbe8d3b65"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/81ed59ef42f33a522b5891180df4c743222b8b92",
-                "reference": "81ed59ef42f33a522b5891180df4c743222b8b92",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/5645b43af647b6947daac1d0f659dd1fbe8d3b65",
+                "reference": "5645b43af647b6947daac1d0f659dd1fbe8d3b65",
                 "shasum": ""
             },
             "require": {
@@ -322,9 +322,9 @@
             ],
             "support": {
                 "issues": "https://github.com/firebase/php-jwt/issues",
-                "source": "https://github.com/firebase/php-jwt/tree/v7.0.1"
+                "source": "https://github.com/firebase/php-jwt/tree/v7.0.2"
             },
-            "time": "2025-12-15T23:11:17+00:00"
+            "time": "2025-12-16T22:17:28+00:00"
         }
     ],
     "packages-dev": [
@@ -591,5 +591,5 @@
     "platform-overrides": {
         "php": "8.2"
     },
-    "plugin-api-version": "2.9.0"
+    "plugin-api-version": "2.6.0"
 }
diff --git a/lib/Config.php b/lib/Config.php
index 35b0e870393..c245d6a2ca0 100644
--- a/lib/Config.php
+++ b/lib/Config.php
@@ -542,7 +542,7 @@ private function ensureSignalingTokenKeys(string $alg): void {
 
 		if (str_starts_with($alg, 'ES')) {
 			$privKey = openssl_pkey_new([
-				'curve_name' => 'prime256v1',
+				'curve_name' => $alg === 'ES384' ? 'secp384r1' : 'prime256v1',
 				'private_key_bits' => 2048,
 				'private_key_type' => OPENSSL_KEYTYPE_EC,
 			]);
diff --git a/lib/Migration/RegenerateSignalingKeys.php b/lib/Migration/RegenerateSignalingKeys.php
new file mode 100644
index 00000000000..808e867b0d8
--- /dev/null
+++ b/lib/Migration/RegenerateSignalingKeys.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Talk\Migration;
+
+use OCA\Talk\Config;
+use OCP\AppFramework\Services\IAppConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+
+/**
+ * In JWT 7.0.2 validation for the key length was added, and it revealed that
+ * Talk used a too short private key. So when generating a signaling ticket fails,
+ * we generate a new private and public key with more complex curve which fixes it.
+ */
+class RegenerateSignalingKeys implements IRepairStep {
+	public function __construct(
+		protected IAppConfig $appConfig,
+		protected Config $talkConfig,
+	) {
+	}
+
+	#[\Override]
+	public function getName(): string {
+		return 'Regenerate signaling keys';
+	}
+
+	#[\Override]
+	public function run(IOutput $output): void {
+		$alg = $this->talkConfig->getSignalingTokenAlgorithm();
+
+		if ($alg === 'ES384') {
+			try {
+				$this->talkConfig->getSignalingTicket(2, null);
+			} catch (\Exception $e) {
+				$this->appConfig->setAppValue('signaling_token_privkey_' . strtolower($alg), '');
+				$this->appConfig->setAppValue('signaling_token_pubkey_' . strtolower($alg), '');
+
+				$this->talkConfig->getSignalingTokenPrivateKey($alg);
+			}
+		}
+	}
+}