diff --git a/cli-kex.c b/cli-kex.c
index a4fa39abcc35b585844664548e84ae28507f05be..a59015791303a15fe664bec132b920615493d15e 100644
--- a/cli-kex.c
+++ b/cli-kex.c
@@ -177,8 +177,7 @@ void recv_msg_kexdh_reply() {
 	hostkey = NULL;
 
 	send_msg_newkeys();
-	ses.requirenext[0] = SSH_MSG_NEWKEYS;
-	ses.requirenext[1] = 0;
+	ses.requirenext = SSH_MSG_NEWKEYS;
 	TRACE(("leave recv_msg_kexdh_init"))
 }
 
diff --git a/common-kex.c b/common-kex.c
index 3c1e6044b7075e66ad69a58dba8fa110f259262c..9373aa245db2af9509a652a6e08d1a85572e29e0 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -525,7 +525,7 @@ void recv_msg_kexinit() {
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
 	    buf_setpos(ses.payload, 0);
 	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
-		ses.requirenext[0] = SSH_MSG_KEXDH_REPLY;
+		ses.requirenext = SSH_MSG_KEXDH_REPLY;
 	} else {
 		/* SERVER */
 
@@ -545,7 +545,7 @@ void recv_msg_kexinit() {
 	    buf_putstring(ses.kexhashbuf,
 			ses.transkexinit->data, ses.transkexinit->len);
 
-		ses.requirenext[0] = SSH_MSG_KEXDH_INIT;
+		ses.requirenext = SSH_MSG_KEXDH_INIT;
 	}
 
 	buf_free(ses.transkexinit);
diff --git a/common-session.c b/common-session.c
index f4016b593c417dd950448637ada32d7512d174f4..40c66e856fca25861ae9b87154b82354df997ab8 100644
--- a/common-session.c
+++ b/common-session.c
@@ -82,7 +82,7 @@ void common_session_init(int sock_in, int sock_out) {
 
 	initqueue(&ses.writequeue);
 
-	ses.requirenext[0] = SSH_MSG_KEXINIT;
+	ses.requirenext = SSH_MSG_KEXINIT;
 	ses.dataallowed = 1; /* we can send data until we actually 
 							send the SSH_MSG_KEXINIT */
 	ses.ignorenext = 0;
diff --git a/debug.h b/debug.h
index 289c5773c8e88339b2aa9477602f6528a2f64f4f..be098657002b567b6e5b9223aaff42eaafd6ab4c 100644
--- a/debug.h
+++ b/debug.h
@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-/* #define DEBUG_TRACE */
+#define DEBUG_TRACE
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
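Review bot: The new line `#define DEBUG_TRACE` turns trace output on for every build, although the comment directly above it warns against doing so in an unfirewalled environment because the printing may not sanitise strings. Nothing visible in this commit depends on tracing being enabled, so this looks like a local debugging setting that was committed together with the requirenext change. I would keep the default as `/* #define DEBUG_TRACE */` and enable it only in local builds. With it on, the TRACE calls in process_packet() print packet type values chosen by the remote peer, and the same comment notes the cost in executable size.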
diff --git a/process-packet.c b/process-packet.c
index 97de2034ee3874cd3a2c971a3afc5f570e641d5b..1c2ca7be4e33cbfe0187a82e17f527ff76831d53 100644
--- a/process-packet.c
+++ b/process-packet.c
@@ -74,13 +74,11 @@ void process_packet() {
 
 	/* This applies for KEX, where the spec says the next packet MUST be
 	 * NEWKEYS */
-	if (ses.requirenext[0] != 0) {
-		if (ses.requirenext[0] == type || ses.requirenext[1] == type)
+	if (ses.requirenext != 0) {
+		if (ses.requirenext == type)
 		{
 			/* Got what we expected */
-			TRACE(("got expeced packet %d during kexinit", type))
-			ses.requirenext[0] = 0;
-			ses.requirenext[1] = 0;
+			TRACE(("got expected packet %d during kexinit", type))
 		}
 		else
 		{
@@ -99,8 +97,8 @@ void process_packet() {
 			else
 			{
 				TRACE(("disallowed packet during kexinit"))
-				dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type,
-						ses.requirenext[0], ses.requirenext[1]);
+				dropbear_exit("Unexpected packet type %d, expected %d", type,
+						ses.requirenext);
 			}
 		}
 	}
@@ -113,6 +111,12 @@ void process_packet() {
 		goto out;
 	}
 
+	/* Only clear the flag after we have checked ignorenext */
+	if (ses.requirenext != 0 && ses.requirenext == type)
+	{
+		ses.requirenext = 0;
+	}
+
 
 	/* Kindly the protocol authors gave all the preauth packets type values
 	 * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
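Review bot: The match `ses.requirenext == type` is now tested twice in process_packet(), once in the enforcement block near the top and again in the added block that clears the field, and the one-line comment does not say why the two are kept apart. I would expand it to something like `/* A packet dropped via ignorenext must not use up requirenext, so the packet that follows it is still held to the required type */`. The `ses.requirenext != 0 &&` half of the added condition can go: when requirenext is already 0 the assignment changes nothing, so `if (ses.requirenext == type)` behaves the same. The lines between this hunk and the earlier ones are not shown, so I am assuming the `goto out` just above belongs to the ignorenext check.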
diff --git a/session.h b/session.h
index 6a780fe1b38002178947153d3bbe96121d5a623f..b3477000c79e526d9bc7a08dae9a4846bc029dcc 100644
--- a/session.h
+++ b/session.h
@@ -135,9 +135,8 @@ struct sshsession {
 	unsigned dataallowed : 1; /* whether we can send data packets or we are in
 								 the middle of a KEX or something */
 
-	unsigned char requirenext[2]; /* bytes indicating what packets we require next, 
-									 or 0x00 for any. Second option can only be
-									 used if the first byte is also set */
+	unsigned char requirenext; /* byte indicating what packets we require next, 
+									 or 0x00 for any.  */
 
 	unsigned char ignorenext; /* whether to ignore the next packet,
 								 used for kex_follows stuff */
diff --git a/svr-kex.c b/svr-kex.c
index e42a67cd65e57892457e3ddbc4e54bf9a4b082c8..337c377a5347a14397dff7af4a878acd18d3309f 100644
--- a/svr-kex.c
+++ b/svr-kex.c
@@ -80,8 +80,7 @@ void recv_msg_kexdh_init() {
 	}
 
 	send_msg_newkeys();
-	ses.requirenext[0] = SSH_MSG_NEWKEYS;
-	ses.requirenext[1] = 0;
+	ses.requirenext = SSH_MSG_NEWKEYS;
 	TRACE(("leave recv_msg_kexdh_init"))
 }
 
diff --git a/sysoptions.h b/sysoptions.h
index 3bb8e92dc7866ccb3ae075b4a6cba25936dadbd5..189b158825a75bcf1a888e2b6fdc57061c6e4ed1 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -16,7 +16,7 @@
 #define KEX_REKEY_TIMEOUT (3600 * 8)
 #endif
 #ifndef KEX_REKEY_DATA
-#define KEX_REKEY_DATA (1<<30) /* 2^30 == 1GB, this value must be < INT_MAX */
+#define KEX_REKEY_DATA (1<<20) /* 2^30 == 1GB, this value must be < INT_MAX */
 #endif
 /* Close connections to clients which haven't authorised after AUTH_TIMEOUT */
 #ifndef AUTH_TIMEOUT
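Review bot: `KEX_REKEY_DATA` drops from `(1<<30)` to `(1<<20)` while the comment on the same line still reads `2^30 == 1GB`, so the value and its documentation now disagree. Going by the name and the old comment, 2^20 would trigger a rekey after roughly every 1 MB of data, which reads like a setting for exercising the rekey path rather than a shipping default. If the default is meant to stay, restore `#define KEX_REKEY_DATA (1<<30)`; if 1 MB is intended, the comment should say `2^20 == 1MB` and the commit message should explain the change.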