From: Ben Laurie <ben@openssl.org>
Date: Sun, 21 Feb 1999 20:03:24 +0000 (+0000)
Subject: Add support for new TLS export ciphersuites.
X-Git-Tag: OpenSSL_0_9_2b~129
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=06ab81f9f7b055a4456798cb9ef3266160438a08;p=oweals%2Fopenssl.git

Add support for new TLS export ciphersuites.
---

diff --git a/CHANGES b/CHANGES
index f46f964fce..000f671598 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,12 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
   *) Add preliminary config info for new extension code.
      [Steve Henson]
 
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index d1f49e5ac3..a4d0f1c90f 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -290,7 +290,7 @@ SSL *s;
 						for (j=0; j<sk_num(sk); j++)
 							{
 							c=(SSL_CIPHER *)sk_value(sk,j);
-							if (!(c->algorithms & SSL_EXP))
+							if (!SSL_C_IS_EXPORT(c))
 								{
 								if ((c->id>>24L) == 2L)
 									ne2=1;
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index bbac33cf36..33112eeb3f 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -568,7 +568,7 @@ SSL *s;
 
 		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 			enc=8;
-		else if (sess->cipher->algorithms & SSL_EXP)
+		else if (SSL_C_IS_EXPORT(sess->cipher))
 			enc=5;
 		else
 			enc=i;
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 12b8458a58..282d8bd71e 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -78,7 +78,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP40|SSL_SSLV2,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -88,7 +88,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
 	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP40|SSL_SSLV2,
 	SSL2_CF_5_BYTE_ENC,
 	SSL_ALL_CIPHERS,
 	},
@@ -97,7 +97,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_128_WITH_MD5,
 	SSL2_CK_RC4_128_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -106,7 +106,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP40|SSL_SSLV2,
 	SSL2_CF_5_BYTE_ENC,
 	SSL_ALL_CIPHERS,
 	},
@@ -115,7 +115,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC2_128_CBC_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -124,7 +124,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
 	SSL2_CK_IDEA_128_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -133,7 +133,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_DES_64_CBC_WITH_MD5,
 	SSL2_CK_DES_64_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -142,7 +142,7 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
 	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|_SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
 	0,
 	SSL_ALL_CIPHERS,
 	},
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 814e38f480..73c19af807 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -401,7 +401,7 @@ SSL *s;
 		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
 		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
 
-	export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
+	export=SSL_C_IS_EXPORT(s->session->cipher);
 	
 	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 		{
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b2649ed998..cb63a9f7ce 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1689,12 +1689,13 @@ SSL *s;
 #endif
 #endif
 
-	if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
+	if (SSL_IS_EXPORT(algs) && !has_bits(i,EVP_PKT_EXP))
 		{
 #ifndef NO_RSA
 		if (algs & SSL_kRSA)
 			{
-			if ((rsa == NULL) || (RSA_size(rsa) > 512))
+			if (rsa == NULL
+			    || RSA_size(rsa) > SSL_EXPORT_PKEYLENGTH(algs))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1704,8 +1705,9 @@ SSL *s;
 #endif
 #ifndef NO_DH
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			{
-			if ((dh == NULL) || (DH_size(dh) > 512))
+			    {
+			    if (dh == NULL
+				|| DH_size(dh) > SSL_EXPORT_PKEYLENGTH(algs))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index a655e12bec..d79d9272d6 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -141,7 +141,7 @@ int which;
 	MD5_CTX md;
 	int exp,n,i,j,k,cl;
 
-	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	if (s->s3->tmp.new_compression == NULL)
@@ -213,7 +213,8 @@ int which;
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
 	cl=EVP_CIPHER_key_length(c);
-	j=exp ? (cl < 5 ? cl : 5) : cl;
+	j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
 	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
@@ -283,7 +284,7 @@ SSL *s;
 	unsigned char *p;
 	EVP_CIPHER *c;
 	EVP_MD *hash;
-	int num,exp;
+	int num;
 	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
@@ -299,8 +300,6 @@ SSL *s;
 	s->s3->tmp.new_hash=hash;
 	s->s3->tmp.new_compression=comp;
 
-	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
-
 	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
 	num*=2;
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index c64b760a44..ffea4b5d72 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -77,7 +77,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_NULL_MD5,
 	SSL3_CK_RSA_NULL_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -86,7 +86,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_NULL_SHA,
 	SSL3_CK_RSA_NULL_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -97,7 +97,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_RC4_40_MD5,
 	SSL3_CK_ADH_RC4_40_MD5,
-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -106,7 +106,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_RC4_128_MD5,
 	SSL3_CK_ADH_RC4_128_MD5,
-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -115,7 +115,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_40_CBC_SHA,
 	SSL3_CK_ADH_DES_40_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -124,7 +124,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_64_CBC_SHA,
 	SSL3_CK_ADH_DES_64_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -133,7 +133,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_192_CBC_SHA,
 	SSL3_CK_ADH_DES_192_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -144,7 +144,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC4_40_MD5,
 	SSL3_CK_RSA_RC4_40_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -153,7 +153,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC4_128_MD5,
 	SSL3_CK_RSA_RC4_128_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -162,7 +162,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC4_128_SHA,
 	SSL3_CK_RSA_RC4_128_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -171,7 +171,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC2_40_MD5,
 	SSL3_CK_RSA_RC2_40_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -180,7 +180,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_IDEA_128_SHA,
 	SSL3_CK_RSA_IDEA_128_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -189,7 +189,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_DES_40_CBC_SHA,
 	SSL3_CK_RSA_DES_40_CBC_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -198,7 +198,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_DES_64_CBC_SHA,
 	SSL3_CK_RSA_DES_64_CBC_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -207,7 +207,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_RSA_DES_192_CBC3_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -218,7 +218,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -227,7 +227,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
 	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -236,7 +236,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
 	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -245,7 +245,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -254,7 +254,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
 	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -263,7 +263,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -274,7 +274,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -283,7 +283,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -292,7 +292,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
 	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -301,7 +301,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP40|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -310,7 +310,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -319,7 +319,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -330,7 +330,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_FZA_DMS_NULL_SHA,
 	SSL3_CK_FZA_DMS_NULL_SHA,
-	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -340,7 +340,7 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_FZA_DMS_FZA_SHA,
 	SSL3_CK_FZA_DMS_FZA_SHA,
-	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
@@ -350,11 +350,40 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_FZA_DMS_RC4_SHA,
 	SSL3_CK_FZA_DMS_RC4_SHA,
-	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|_SSL_NOT_EXP|SSL_SSLV3,
 	0,
 	SSL_ALL_CIPHERS,
 	},
 
+	/* New TLS Export CipherSuites */
+	/* Cipher 60 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5,
+	    TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 61 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
+	    TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+	/* Cipher 62 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA,
+	    TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_EXP56|SSL_TLSV1,
+	    0,
+	    SSL_ALL_CIPHERS
+	    },
+
 /* end of list */
 	};
 
@@ -733,7 +762,7 @@ STACK *have,*pref;
 		{
 		c=(SSL_CIPHER *)sk_value(have,i);
 		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-		if (alg & SSL_EXPORT)
+		if (SSL_IS_EXPORT(alg))
 			{
 			ok=((alg & emask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a4c0744488..233de6ca90 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -309,16 +309,16 @@ SSL *s;
 
 			/* only send if a DH key exchange, fortezza or
 			 * RSA but we have a sign only certificate */
-			if ( s->s3->tmp.use_rsa_tmp ||
-			    (l & (SSL_DH|SSL_kFZA)) ||
-			    ((l & SSL_kRSA) &&
-			     ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
-			      ((l & SSL_EXPORT) &&
-			       (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
-			      )
-			     )
+			if (s->s3->tmp.use_rsa_tmp
+			    || (l & (SSL_DH|SSL_kFZA))
+			    || ((l & SSL_kRSA)
+				&& (ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+				    || (SSL_IS_EXPORT(l)
+					&& EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_EXPORT_PKEYLENGTH(l)
+					)
+				    )
+				)
 			    )
-			   )
 				{
 				ret=ssl3_send_server_key_exchange(s);
 				if (ret <= 0) goto end;
@@ -777,7 +777,7 @@ SSL *s;
 				c=(SSL_CIPHER *)sk_value(sk,i);
 				if (c->algorithms & SSL_eNULL)
 					nc=c;
-				if (c->algorithms & SSL_EXP)
+				if (SSL_C_IS_EXPORT(c))
 					ec=c;
 				}
 			if (nc != NULL)
@@ -945,8 +945,7 @@ SSL *s;
 			if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
 				{
 				rsa=s->ctx->default_cert->rsa_tmp_cb(s,
-					!(s->s3->tmp.new_cipher->algorithms
-					  &SSL_NOT_EXP));
+					!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
 				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
 				cert->rsa_tmp=rsa;
 				}
@@ -968,8 +967,7 @@ SSL *s;
 			dhp=cert->dh_tmp;
 			if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
 				dhp=cert->dh_tmp_cb(s,
-					!(s->s3->tmp.new_cipher->algorithms
-					  &SSL_NOT_EXP));
+					!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
 			if (dhp == NULL)
 				{
 				al=SSL_AD_HANDSHAKE_FAILURE;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index e6a1327ce3..4947e28eed 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -132,8 +132,9 @@ extern "C" {
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
-#define SSL_TXT_EXP		"EXP"
+#define SSL_TXT_EXP40		"EXP"
 #define SSL_TXT_EXPORT		"EXPORT"
+#define SSL_TXT_EXP56		"EXP56"
 #define SSL_TXT_SSLV2		"SSLv2"
 #define SSL_TXT_SSLV3		"SSLv3"
 #define SSL_TXT_TLSV1		"TLSv1"
@@ -988,18 +989,18 @@ int SSL_state(SSL *ssl);
 void SSL_set_verify_result(SSL *ssl,long v);
 long SSL_get_verify_result(SSL *ssl);
 
-int SSL_set_ex_data(SSL *ssl,int idx,char *data);
-char *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+void *SSL_get_ex_data(SSL *ssl,int idx);
 int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
-char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
 int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
-char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
 int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 	int (*dup_func)(), void (*free_func)());
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 30501cb700..2bea76cffe 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -144,14 +144,15 @@ static SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
 	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
 
-	{0,SSL_TXT_EXP,	0,SSL_EXP,   0,SSL_EXP_MASK},
-	{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
-	{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
-	{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
-	{0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
-	{0,SSL_TXT_LOW,  0,SSL_LOW,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_EXP40, 0,SSL_EXP40, 0,_SSL_EXP_MASK},
+	{0,SSL_TXT_EXPORT,0,SSL_EXP40, 0,_SSL_EXP_MASK},
+	{0,SSL_TXT_EXP56, 0,SSL_EXP56, 0,_SSL_EXP_MASK},
+	{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,SSL_SSL_MASK},
+	{0,SSL_TXT_LOW,   0,SSL_LOW,   0,SSL_STRONG_MASK},
 	{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
-	{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_HIGH,  0,SSL_HIGH,  0,SSL_STRONG_MASK},
 	};
 
 static int init_ciphers=1;
@@ -615,7 +616,7 @@ SSL_CIPHER *cipher;
 char *buf;
 int len;
 	{
-	int export;
+	int _export,pkl,kl;
 	char *ver,*exp;
 	char *kx,*au,*enc,*mac;
 	unsigned long alg,alg2;
@@ -624,8 +625,10 @@ int len;
 	alg=cipher->algorithms;
 	alg2=cipher->algorithm2;
 
-	export=(alg&SSL_EXP)?1:0;
-	exp=(export)?" export":"";
+	_export=SSL_IS_EXPORT(alg);
+	pkl=SSL_EXPORT_PKEYLENGTH(alg);
+	kl=SSL_EXPORT_KEYLENGTH(alg);
+	exp=_export?" export":"";
 
 	if (alg & SSL_SSLV2)
 		ver="SSLv2";
@@ -637,7 +640,7 @@ int len;
 	switch (alg&SSL_MKEY_MASK)
 		{
 	case SSL_kRSA:
-		kx=(export)?"RSA(512)":"RSA";
+		kx=_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
 		break;
 	case SSL_kDHr:
 		kx="DH/RSA";
@@ -649,7 +652,7 @@ int len;
 		kx="Fortezza";
 		break;
 	case SSL_kEDH:
-		kx=(export)?"DH(512)":"DH";
+		kx=_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
 		break;
 	default:
 		kx="unknown";
@@ -678,16 +681,17 @@ int len;
 	switch (alg&SSL_ENC_MASK)
 		{
 	case SSL_DES:
-		enc=export?"DES(40)":"DES(56)";
+		enc=(_export && kl == 5)?"DES(40)":"DES(56)";
 		break;
 	case SSL_3DES:
 		enc="3DES(168)";
 		break;
 	case SSL_RC4:
-		enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+		enc=_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
 		break;
 	case SSL_RC2:
-		enc=export?"RC2(40)":"RC2(128)";
+		enc=_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
 		break;
 	case SSL_IDEA:
 		enc="IDEA(128)";
@@ -770,9 +774,9 @@ int *alg_bits;
 
 		a=EVP_CIPHER_key_length(enc)*8;
 
-		if (c->algorithms & SSL_EXP)
+		if (SSL_C_IS_EXPORT(c))
 			{
-			ret=40;
+			ret=SSL_C_EXPORT_KEYLENGTH(c)*8;
 			}
 		else
 			{
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 2019a400ff..862a555efa 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1236,13 +1236,13 @@ SSL *s;
 	{
 	unsigned long alg,mask,kalg;
 	CERT *c;
-	int i,export;
+	int i,_export;
 
 	c=s->cert;
 	ssl_set_cert_masks(c);
 	alg=s->s3->tmp.new_cipher->algorithms;
-	export=(alg & SSL_EXPORT)?1:0;
-	mask=(export)?c->export_mask:c->mask;
+	_export=SSL_IS_EXPORT(alg);
+	mask=_export?c->export_mask:c->mask;
 	kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
 
 	if 	(kalg & SSL_kDHr)
@@ -1822,12 +1822,12 @@ void (*free_func)();
 int SSL_set_ex_data(s,idx,arg)
 SSL *s;
 int idx;
-char *arg;
+void *arg;
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_get_ex_data(s,idx)
+void *SSL_get_ex_data(s,idx)
 SSL *s;
 int idx;
 	{
@@ -1849,12 +1849,12 @@ void (*free_func)();
 int SSL_CTX_set_ex_data(s,idx,arg)
 SSL_CTX *s;
 int idx;
-char *arg;
+void *arg;
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_CTX_get_ex_data(s,idx)
+void *SSL_CTX_get_ex_data(s,idx)
 SSL_CTX *s;
 int idx;
 	{
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 1a907514d9..8c39d69712 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -191,14 +191,25 @@
 #define SSL_SHA1		0x00040000L
 #define SSL_SHA			(SSL_SHA1)
 
-#define SSL_EXP_MASK		0x00300000L
-#define SSL_EXP			0x00100000L
-#define SSL_NOT_EXP		0x00200000L
-#define SSL_EXPORT		SSL_EXP
+#define _SSL_EXP_MASK		0x00300000L
+#define SSL_EXP40		0x00100000L
+#define _SSL_NOT_EXP		0x00200000L
+#define SSL_EXP56		0x00300000L
+#define SSL_IS_EXPORT(a)	((a)&SSL_EXP40)
+#define SSL_IS_EXPORT56(a)	(((a)&_SSL_EXP_MASK) == SSL_EXP56)
+#define SSL_IS_EXPORT40(a)	(((a)&_SSL_EXP_MASK) == SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algorithms)
+#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algorithms)
+#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algorithms)
+#define SSL_EXPORT_KEYLENGTH(a)	(SSL_IS_EXPORT40(a) ? 5 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms)
+#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algorithms)
 
 #define SSL_SSL_MASK		0x00c00000L
 #define SSL_SSLV2		0x00400000L
 #define SSL_SSLV3		0x00800000L
+#define SSL_TLSV1		SSL_SSLV3	/* for now */
 
 #define SSL_STRONG_MASK		0x07000000L
 #define SSL_LOW			0x01000000L
@@ -208,7 +219,7 @@
 /* we have used 0fffffff - 4 bits left to go */
 #define SSL_ALL			0xffffffffL
 #define SSL_ALL_CIPHERS		(SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
-				SSL_MAC_MASK|SSL_EXP_MASK)
+				SSL_MAC_MASK|_SSL_EXP_MASK)
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC	0
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index adaab3545f..2403b066cb 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -94,12 +94,12 @@ void (*free_func)();
 int SSL_SESSION_set_ex_data(s,idx,arg)
 SSL_SESSION *s;
 int idx;
-char *arg;
+void *arg;
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_SESSION_get_ex_data(s,idx)
+void *SSL_SESSION_get_ex_data(s,idx)
 SSL_SESSION *s;
 int idx;
 	{
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index f228295bba..0f5cbd326a 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -178,9 +178,9 @@ int which;
 	EVP_CIPHER *c;
 	SSL_COMP *comp;
 	EVP_MD *m;
-	int exp,n,i,j,k,exp_label_len,cl;
+	int _exp,n,i,j,k,exp_label_len,cl;
 
-	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+	_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	comp=s->s3->tmp.new_compression;
@@ -247,7 +247,8 @@ int which;
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
 	cl=EVP_CIPHER_key_length(c);
-	j=exp ? (cl < 5 ? cl : 5) : cl;
+	j=_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		  cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
 	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
@@ -284,7 +285,7 @@ int which;
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
 #endif
-	if (exp)
+	if (_exp)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
@@ -297,7 +298,7 @@ printf("which = %04X\nmac key=",which);
 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 		p+=SSL3_RANDOM_SIZE;
 		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
-			tmp1,tmp2,EVP_CIPHER_key_length(c));
+			 tmp1,tmp2,EVP_CIPHER_key_length(c));
 		key=tmp1;
 
 		if (k > 0)
@@ -347,7 +348,7 @@ SSL *s;
 	unsigned char *p1,*p2;
 	EVP_CIPHER *c;
 	EVP_MD *hash;
-	int num,exp;
+	int num;
 	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
@@ -362,8 +363,6 @@ SSL *s;
 	s->s3->tmp.new_sym_enc=c;
 	s->s3->tmp.new_hash=hash;
 
-	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
-
 	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
 	num*=2;
 
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 60978613ef..8d47ae591a 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -82,6 +82,14 @@ extern "C" {
 #define TLS1_AD_USER_CANCLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 
+#define TLS1_CK_RSA_EXPORT56_WITH_RC4_56_MD5		0x03000060
+#define TLS1_CK_RSA_EXPORT56_WITH_RC2_CBC_56_MD5	0x03000061
+#define TLS1_CK_RSA_EXPORT56_WITH_DES_CBC_SHA		0x03000062
+
+#define TLS1_TXT_RSA_EXPORT56_WITH_RC4_56_MD5		"EXP56-RC4-MD5"
+#define TLS1_TXT_RSA_EXPORT56_WITH_RC2_CBC_56_MD5	"EXP56-RC2-CBC-MD5"
+#define TLS1_TXT_RSA_EXPORT56_WITH_DES_CBC_SHA		"EXP56-DES-CBC-SHA"
+
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3