diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index fe935e1f..7595c48e 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -285,10 +285,10 @@ static bool metakey_ec_h(connection_t *c, const char *request) {
 
 	free(seed);
 
-	cipher_set_key(&c->incipher, mykey, true);
+	cipher_set_key(&c->incipher, mykey, false);
 	digest_set_key(&c->indigest, mykey + mykeylen, mykeylen);
 
-	cipher_set_key(&c->outcipher, hiskey, false);
+	cipher_set_key(&c->outcipher, hiskey, true);
 	digest_set_key(&c->outdigest, hiskey + hiskeylen, hiskeylen);
 
 	c->status.decryptin = true;
diff --git a/src/protocol_key.c b/src/protocol_key.c
index dac13628..313681bd 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -171,7 +171,7 @@ bool send_ans_key(node_t *to) {
 	to->incompression = myself->incompression;
 
 	randomize(key, keylen);
-	cipher_set_key(&to->incipher, key, true);
+	cipher_set_key(&to->incipher, key, false);
 	digest_set_key(&to->indigest, key, keylen);
 
 	bin2hex(key, key, keylen);
@@ -330,10 +330,10 @@ bool ans_key_h(connection_t *c, char *request) {
 		digest_open_by_nid(&from->indigest, digest_get_nid(&myself->indigest), digest_length(&myself->indigest));
 		from->incompression = myself->incompression;
 
-		cipher_set_key(&from->incipher, mykey, true);
+		cipher_set_key(&from->incipher, mykey, false);
 		digest_set_key(&from->indigest, mykey + mykeylen, mykeylen);
 
-		cipher_set_key(&from->outcipher, hiskey, false);
+		cipher_set_key(&from->outcipher, hiskey, true);
 		digest_set_key(&from->outdigest, hiskey + hiskeylen, hiskeylen);
 
 		// Reset sequence number and late packet window
@@ -354,7 +354,7 @@ bool ans_key_h(connection_t *c, char *request) {
 
 		/* Update our copy of the origin's packet key */
 
-		cipher_set_key(&from->outcipher, key, false);
+		cipher_set_key(&from->outcipher, key, true);
 		digest_set_key(&from->outdigest, key, keylen);
 	}