diff --git a/TunnelKit/Sources/Core/CryptoAEAD.m b/TunnelKit/Sources/Core/CryptoAEAD.m
index a2b77f5..8208d65 100644
--- a/TunnelKit/Sources/Core/CryptoAEAD.m
+++ b/TunnelKit/Sources/Core/CryptoAEAD.m
@@ -129,7 +129,7 @@ static const NSInteger CryptoAEADTagLength = 16;
     int code = 1;
 
     assert(flags->adLength >= PacketIdLength);
-    memcpy(self.cipherIVEnc, flags->iv, flags->ivLength);
+    memcpy(self.cipherIVEnc, flags->iv, MIN(flags->ivLength, self.cipherIVLength));
 
     TUNNEL_CRYPTO_TRACK_STATUS(code) EVP_CipherInit(self.cipherCtxEnc, NULL, NULL, self.cipherIVEnc, -1);
     TUNNEL_CRYPTO_TRACK_STATUS(code) EVP_CipherUpdate(self.cipherCtxEnc, NULL, &x, flags->ad, (int)flags->adLength);
@@ -175,7 +175,7 @@ static const NSInteger CryptoAEADTagLength = 16;
     int code = 1;
     
     assert(flags->adLength >= PacketIdLength);
-    memcpy(self.cipherIVDec, flags->iv, flags->ivLength);
+    memcpy(self.cipherIVDec, flags->iv, MIN(flags->ivLength, self.cipherIVLength));
 
     TUNNEL_CRYPTO_TRACK_STATUS(code) EVP_CipherInit(self.cipherCtxDec, NULL, NULL, self.cipherIVDec, -1);
     TUNNEL_CRYPTO_TRACK_STATUS(code) EVP_CIPHER_CTX_ctrl(self.cipherCtxDec, EVP_CTRL_GCM_SET_TAG, CryptoAEADTagLength, (uint8_t *)bytes);