diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index dae9a4dc7..10225df74 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -534,7 +534,8 @@ METHOD(task_t, build_i, status_t,
 /* if we are retrying after an INVALID_KE_PAYLOAD we already have one */
 if (!this->dh)
 {
- if (this->old_sa)
+ if (this->old_sa && lib->settings->get_bool(lib->settings,
+ "%s.prefer_previous_dh_group", TRUE, lib->ns))
 {
 /* reuse the DH group we used for the old IKE_SA when rekeying */
 proposal_t *proposal;
 uint16_t dh_group;
diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c
index ba39657a4..e22a0c288 100644
--- a/src/libcharon/tests/suites/test_ike_rekey.c
+++ b/src/libcharon/tests/suites/test_ike_rekey.c
@@ -138,6 +138,8 @@ START_TEST(test_regular_ke_invalid)
 lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
 TRUE, lib->ns);
+ lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+ FALSE, lib->ns);
 initiate_rekey(a);
@@ -382,6 +384,8 @@ START_TEST(test_collision_ke_invalid)
 lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
 TRUE, lib->ns);
+ lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+ FALSE, lib->ns);
 /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial
 * IKE_SA):
@@ -591,6 +595,8 @@ START_TEST(test_collision_ke_invalid_delayed_retry)
 lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
 TRUE, lib->ns);
+ lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+ FALSE, lib->ns);
 /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial
 * IKE_SA):
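Review bot: The new `%s.prefer_previous_dh_group` option read by `get_bool` in build_i is not documented anywhere in this commit; it needs an entry in the project's settings documentation (presumably next to where `prefer_configured_proposals` is described) giving the default (TRUE) and explaining that disabling it makes a rekeying initiator pick the DH group from the configured proposal order instead of the one negotiated for the old IKE_SA, which may cost an extra INVALID_KE_PAYLOAD round trip but lets a strengthened configuration take effect on rekey rather than staying pinned to whatever group the old SA used. The comment on the branch should mention the opt-out as well, e.g. `/* reuse the DH group we used for the old IKE_SA when rekeying, unless prefer_previous_dh_group is disabled */`. build_i starts and ends outside the hunk, so the path taken when the option is FALSE is not visible here; presumably it is the existing selection from the configured proposals, which is worth confirming since a misconfigured FALSE silently changes the first KE payload sent on every rekey.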
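Review bot: The same two-line `set_bool` for `%s.prefer_previous_dh_group` is pasted into test_regular_ke_invalid, test_collision_ke_invalid and test_collision_ke_invalid_delayed_retry; a small static helper, or the setup these three tests already share for `prefer_configured_proposals`, would keep the INVALID_KE_PAYLOAD tests from drifting apart if the option is renamed. Disabling the option in all three presumably keeps the initiator proposing a group the responder rejects, so none of the changed hunks exercises the new default (TRUE) on the rekey path; unless another test in this file already does, a short test that rekeys with the default and checks that the old SA's DH group is reused would pin the behaviour the ike_init.c change is meant to preserve. The enclosing START_TEST bodies start and end outside the hunks.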