diff --git a/CHANGES b/CHANGES
index 3642c9c528..804bc3642b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
+2.3-303 | 2014-11-18 10:53:04 -0800
+
+ * For DH key exchanges, use p as the parameter for weak key
+ exchanges. (Johanna Amann)
+
 2.3-301 | 2014-11-11 13:47:27 -0800
 * Add builtin function enum_to_int() that converts an enum into a
diff --git a/VERSION b/VERSION
index 5fa0f4af0c..249fe33eb6 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.3-301
+2.3-303
diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.bro
index e849c3c06c..82cc3a2b5f 100644
--- a/scripts/policy/protocols/ssl/weak-keys.bro
+++ b/scripts/policy/protocols/ssl/weak-keys.bro
@@ -65,7 +65,7 @@ event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &pri
 if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
 return;
- local key_length = |Ys| * 8; # key length in bits
+ local key_length = |p| * 8; # length of the used prime number in bits
 if ( key_length < notify_minimal_key_length )
 NOTICE([$note=Weak_Key,
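Review bot: `|p| * 8` on the added line counts the bytes of the encoded prime, so it is an upper bound on the modulus size rather than its bit length. A value carrying leading zero bytes is reported as longer than it is, and a short prime could then pass the `notify_minimal_key_length` comparison unnoticed. Whether the analyzer strips such padding before raising ssl_dh_server_params is not visible here; if it does not, the handler should skip leading zero bytes of `p` before measuring. At minimum the trailing comment could read `# byte length of the encoded prime p, in bits (upper bound on the modulus size)`. The handler body starts before and continues after this hunk, so the NOTICE text is not visible; it is worth checking that it now speaks of the DH prime rather than the key.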