diff --git a/src/key/helper.js b/src/key/helper.js
index 16f47acd..e803acab 100644
--- a/src/key/helper.js
+++ b/src/key/helper.js
@@ -178,12 +178,19 @@ export async function getPreferredCipherSuite(keys = [], date = new Date(), user
 
   if (withAEAD) {
     const defaultCipherSuite = { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: enums.aead.ocb };
-    const desiredCipherSuite = { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm };
-    return selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(
-      cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo
-    )) ?
-      desiredCipherSuite :
-      defaultCipherSuite;
+    const desiredCipherSuites = [
+      { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: config.preferredAEADAlgorithm },
+      { symmetricAlgo: config.preferredSymmetricAlgorithm, aeadAlgo: enums.aead.ocb },
+      { symmetricAlgo: enums.symmetric.aes128, aeadAlgo: config.preferredAEADAlgorithm }
+    ];
+    for (const desiredCipherSuite of desiredCipherSuites) {
+      if (selfSigs.every(selfSig => selfSig.preferredCipherSuites && selfSig.preferredCipherSuites.some(
+        cipherSuite => cipherSuite[0] === desiredCipherSuite.symmetricAlgo && cipherSuite[1] === desiredCipherSuite.aeadAlgo
+      ))) {
+        return desiredCipherSuite;
+      }
+    }
+    return defaultCipherSuite;
   }
   const defaultSymAlgo = enums.symmetric.aes128;
   const desiredSymAlgo = config.preferredSymmetricAlgorithm;
diff --git a/test/general/key.js b/test/general/key.js
index 9aed9d57..06ed5ab4 100644
--- a/test/general/key.js
+++ b/test/general/key.js
@@ -4129,6 +4129,34 @@ CNa5yq6lyexhsn2Vs8DsX+SOSUyNJiy5FyIJ
     expect(aeadAlgo).to.equal(openpgp.enums.aead.gcm);
   });
 
+  it('getPreferredCipherSuite with AEAD - one key - AES256-OCB', async function() {
+    const [key1] = await openpgp.readKeys({ armoredKeys: twoKeys });
+    const primaryUser = await key1.getPrimaryUser();
+    primaryUser.selfCertification.features = [9]; // Monkey-patch SEIPDv2 feature flag
+    primaryUser.selfCertification.preferredCipherSuites = [[openpgp.enums.symmetric.aes256, openpgp.enums.aead.ocb]];
+    const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite([key1], undefined, undefined, {
+      ...openpgp.config,
+      aeadProtect: true,
+      preferredAEADAlgorithm: openpgp.enums.aead.gcm
+    });
+    expect(symmetricAlgo).to.equal(openpgp.enums.symmetric.aes256);
+    expect(aeadAlgo).to.equal(openpgp.enums.aead.ocb);
+  });
+
+  it('getPreferredCipherSuite with AEAD - one key - AES128-GCM', async function() {
+    const [key1] = await openpgp.readKeys({ armoredKeys: twoKeys });
+    const primaryUser = await key1.getPrimaryUser();
+    primaryUser.selfCertification.features = [9]; // Monkey-patch SEIPDv2 feature flag
+    primaryUser.selfCertification.preferredCipherSuites = [[openpgp.enums.symmetric.aes128, openpgp.enums.aead.gcm]];
+    const { symmetricAlgo, aeadAlgo } = await getPreferredCipherSuite([key1], undefined, undefined, {
+      ...openpgp.config,
+      aeadProtect: true,
+      preferredAEADAlgorithm: openpgp.enums.aead.gcm
+    });
+    expect(symmetricAlgo).to.equal(openpgp.enums.symmetric.aes128);
+    expect(aeadAlgo).to.equal(openpgp.enums.aead.gcm);
+  });
+
   it('getPreferredCipherSuite with AEAD - two keys - one without pref', async function() {
     const keys = await openpgp.readKeys({ armoredKeys: twoKeys });
     const key1 = keys[0];