diff --git a/lib/nss/nssoptions.h b/lib/nss/nssoptions.h
--- a/lib/nss/nssoptions.h
+++ b/lib/nss/nssoptions.h
@@ -11,11 +11,11 @@
* file into NSS proper */
/* The minimum server key sizes accepted by the clients.
* Not 1024 to be conservative. */
#define SSL_RSA_MIN_MODULUS_BITS 1023
/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
* only 1023 bits and similar. We don't have good data on whether this
* happens because NSS used to count bit lengths incorrectly. */
-#define SSL_DH_MIN_P_BITS 1023
+#define SSL_DH_MIN_P_BITS 768
#define SSL_DSA_MIN_P_BITS 1023
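Review bot: Lowering `SSL_DH_MIN_P_BITS` to 768 weakens the client's floor for server ephemeral DH parameters, and the comment directly above it still justifies the value 1023, so the rationale no longer matches the constant. Published research on export-grade and short DH groups suggests 768-bit primes are within reach of precomputation by a well-resourced party, so a client accepting them is easier to downgrade. If the lower bound is needed for interoperability, state that in the comment, for example `/* 768 only for interop with legacy servers; see <bug reference>. */`. Otherwise keep `#define SSL_DH_MIN_P_BITS 1023`.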
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -6950,17 +6950,17 @@ ssl3_HandleServerKeyExchange(sslSocket *
goto loser; /* malformed. */
}
rv = NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH);
if (rv != SECSuccess) {
minDH = SSL_DH_MIN_P_BITS;
}
dh_p_bits = SECKEY_BigIntegerBitLength(&dh_p);
- if (dh_p_bits < minDH) {
+ if (dh_p_bits < SSL_DH_MIN_P_BITS) {
errCode = SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY;
goto alert_loser;
}
rv = ssl3_ConsumeHandshakeVariable(ss, &dh_g, 2, &b, &length);
if (rv != SECSuccess) {
goto loser; /* malformed. */
}
/* Abort if dh_g is 0, 1, or obviously too big. */
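Review bot: The new comparison `if (dh_p_bits < SSL_DH_MIN_P_BITS)` ignores `minDH`, so the value fetched by `NSS_OptionGet(NSS_DH_MIN_KEY_SIZE, &minDH)` a few lines earlier is now a dead store and any larger minimum configured through that option is silently not enforced. An application that raised the DH minimum by policy would still accept a server prime at the compile-time floor. Keep the policy check, `if (dh_p_bits < minDH) {`, or if a hard floor is also wanted, `if (dh_p_bits < minDH || dh_p_bits < SSL_DH_MIN_P_BITS) {`. The body of ssl3_HandleServerKeyExchange starts and ends outside this hunk.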
diff --git a/lib/ssl/sslimpl.h b/lib/ssl/sslimpl.h
--- a/lib/ssl/sslimpl.h
+++ b/lib/ssl/sslimpl.h
@@ -24,16 +24,17 @@
#include "nssilock.h"
#include "pkcs11t.h"
#if defined(XP_UNIX) || defined(XP_BEOS)
#include "unistd.h"
#endif
#include "nssrwlk.h"
#include "prthread.h"
#include "prclist.h"
+#include "nssoptions.h" /* defines SSL_DH_MIN_P_BITS 768 */
#include "sslt.h" /* for some formerly private types, now public */
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
*/
typedef SSLKEAType SSL3KEAType;
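Review bot: The comment on the added include hard-codes the macro's value (`defines SSL_DH_MIN_P_BITS 768`), so it will be wrong as soon as the limit in nssoptions.h changes. A reader checking the effective DH minimum could trust the comment instead of the definition. Name the dependency without the number: `#include "nssoptions.h" /* for SSL_DH_MIN_P_BITS */`.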
@@ -149,16 +150,24 @@ typedef enum { SSLAppOpRead = 0,
#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
#ifndef BPB
#define BPB 8 /* Bits Per Byte */
#endif
#define EXPORT_RSA_KEY_LENGTH 64 /* bytes */
+/* The minimum server key sizes accepted by the clients.
+ * Not 1024 to be conservative. */
+#define SSL_RSA_MIN_MODULUS_BITS 1023
+/* 1023 to avoid cases where p = 2q+1 for a 512-bit q turns out to be
+ * only 1023 bits and similar. We don't have good data on whether this
+ * happens because NSS used to count bit lengths incorrectly. */
+#define SSL_DSA_MIN_P_BITS 1023
+
#define INITIAL_DTLS_TIMEOUT_MS 1000 /* Default value from RFC 4347 = 1s*/
#define MAX_DTLS_TIMEOUT_MS 60000 /* 1 minute */
#define DTLS_FINISHED_TIMER_MS 120000 /* Time to wait in FINISHED state */
typedef struct sslBufferStr sslBuffer;
typedef struct sslConnectInfoStr sslConnectInfo;
typedef struct sslGatherStr sslGather;
typedef struct sslSecurityInfoStr sslSecurityInfo;
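Review bot: The added `SSL_RSA_MIN_MODULUS_BITS` and `SSL_DSA_MIN_P_BITS` definitions duplicate the ones in nssoptions.h, which this header now includes via the earlier hunk in this file. Identical redefinitions compile, but the two copies of a security limit can drift apart, and a later change to only one of them would either break the build or leave it unclear which minimum libssl enforces. Drop the added block and rely on the include. If the copy must stay for build-order reasons, say so in a comment and guard each one, e.g. `#ifndef SSL_DSA_MIN_P_BITS` ... `#endif`.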