diff --git a/API.txt b/API.txt
index 989221133..2bd1cc217 100644
--- a/API.txt
+++ b/API.txt
@@ -6666,7 +6666,7 @@ option: Flag('shared?', autofill=True, default=False)
 option: Str('username?', cli_name='user')
 option: Bytes('vault_data')
 option: Str('version?')
-option: StrEnum('wrapping_algo?', autofill=True, default=u'aes-128-cbc', values=[u'aes-128-cbc', u'des-ede3-cbc'])
+option: StrEnum('wrapping_algo?', autofill=True, default=u'des-ede3-cbc', values=[u'aes-128-cbc', u'des-ede3-cbc'])
 output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
@@ -6766,7 +6766,7 @@ option: Bytes('session_key')
 option: Flag('shared?', autofill=True, default=False)
 option: Str('username?', cli_name='user')
 option: Str('version?')
-option: StrEnum('wrapping_algo?', autofill=True, default=u'aes-128-cbc', values=[u'aes-128-cbc', u'des-ede3-cbc'])
+option: StrEnum('wrapping_algo?', autofill=True, default=u'des-ede3-cbc', values=[u'aes-128-cbc', u'des-ede3-cbc'])
 output: Entry('result')
 output: Output('summary', type=[<type 'unicode'>, <type 'NoneType'>])
 output: PrimaryKey('value')
diff --git a/VERSION.m4 b/VERSION.m4
index 7d60b0132..b4b17740c 100644
--- a/VERSION.m4
+++ b/VERSION.m4
@@ -86,8 +86,8 @@ define(IPA_DATA_VERSION, 20100614120000)
 #                                                      #
 ########################################################
 define(IPA_API_VERSION_MAJOR, 2)
-# Last change: deprecate idnssoaserial in dnszone.
-define(IPA_API_VERSION_MINOR, 250)
+# Last change: fix vault interoperability issues.
+define(IPA_API_VERSION_MINOR, 251)
 
 ########################################################
 # Following values are auto-generated from values above
diff --git a/ipaclient/plugins/vault.py b/ipaclient/plugins/vault.py
index 115171c77..d4c84eb6b 100644
--- a/ipaclient/plugins/vault.py
+++ b/ipaclient/plugins/vault.py
@@ -687,7 +687,7 @@ class ModVaultData(Local):
         default_algo = config.get('wrapping_default_algorithm')
         if default_algo is None:
             # old server
-            wrapping_algo = constants.VAULT_WRAPPING_AES128_CBC
+            wrapping_algo = constants.VAULT_WRAPPING_3DES
         elif default_algo in constants.VAULT_WRAPPING_SUPPORTED_ALGOS:
             # try to use server default
             wrapping_algo = default_algo
@@ -801,7 +801,8 @@ class vault_archive(ModVaultData):
             if option.name not in ('nonce',
                                    'session_key',
                                    'vault_data',
-                                   'version'):
+                                   'version',
+                                   'wrapping_algo'):
                 yield option
         for option in super(vault_archive, self).get_options():
             yield option
@@ -1053,7 +1054,7 @@ class vault_retrieve(ModVaultData):
 
     def get_options(self):
         for option in self.api.Command.vault_retrieve_internal.options():
-            if option.name not in ('session_key', 'version'):
+            if option.name not in ('session_key', 'version', 'wrapping_algo'):
                 yield option
         for option in super(vault_retrieve, self).get_options():
             yield option
diff --git a/ipaserver/plugins/vault.py b/ipaserver/plugins/vault.py
index 4d40f66c6..574c83a9a 100644
--- a/ipaserver/plugins/vault.py
+++ b/ipaserver/plugins/vault.py
@@ -1051,7 +1051,7 @@ class vault_archive_internal(PKQuery):
             'wrapping_algo?',
             doc=_('Key wrapping algorithm'),
             values=VAULT_WRAPPING_SUPPORTED_ALGOS,
-            default=VAULT_WRAPPING_DEFAULT_ALGO,
+            default=VAULT_WRAPPING_3DES,
             autofill=True,
         ),
     )
@@ -1130,7 +1130,7 @@ class vault_retrieve_internal(PKQuery):
             'wrapping_algo?',
             doc=_('Key wrapping algorithm'),
             values=VAULT_WRAPPING_SUPPORTED_ALGOS,
-            default=VAULT_WRAPPING_DEFAULT_ALGO,
+            default=VAULT_WRAPPING_3DES,
             autofill=True,
         ),
     )