diff --git a/CHANGES b/CHANGES
index daebe649e6ff0d22e77d9683a8c0555600672bea..602165cd49beda5136832e2982ea51fd7bc1195e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,12 +5,17 @@
 
  Changes between 0.9.2b and 0.9.3
 
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
   *) Fix lots of warnings.
      [Richard Levitte <levitte@stacken.kth.se>]
  
   *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
      the directory spec didn't end with a LIST_SEPARATOR_CHAR.
-	 [Richard Levitte <levitte@stacken.kth.se>]
+     [Richard Levitte <levitte@stacken.kth.se>]
  
   *) Fix problems with sizeof(long) == 8.
      [Andy Polyakov <appro@fy.chalmers.se>]
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 870dcf27de5c867b98fb368e02ed4b1ddfc5e216..b5f25588fd66bc8d3a514ec5776637a24fffddc0 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -201,7 +201,8 @@
 #define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algorithms)
 #define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algorithms)
 #define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algorithms)
-#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : 7)
+#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : \
+				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
 #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
 #define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms)
 #define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algorithms)