diff --git a/src/aead.c b/src/aead.c
index 2493fb43..1e353a50 100644
--- a/src/aead.c
+++ b/src/aead.c
@@ -399,9 +399,7 @@ aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
     ciphertext->len = tag_len + plaintext->len;
 
     // generate nonce
-    uint8_t nonce[MAX_NONCE_LENGTH];
-    rand_bytes(nonce, nonce_len);
-
+    uint8_t *nonce = cipher_ctx.nonce;
     /* copy nonce to first pos */
     memcpy(ciphertext->data, nonce, nonce_len);
 
@@ -460,7 +458,7 @@ aead_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
     plaintext->len = ciphertext->len - nonce_len - tag_len;
 
     /* get nonce */
-    uint8_t nonce[MAX_NONCE_LENGTH];
+    uint8_t *nonce = cipher_ctx.nonce;
     memcpy(nonce, ciphertext->data, nonce_len);
 
     size_t plen = plaintext->len;
diff --git a/src/local.c b/src/local.c
index 4f417c40..58c09427 100644
--- a/src/local.c
+++ b/src/local.c
@@ -675,9 +675,11 @@ server_recv_cb(EV_P_ ev_io *w, int revents)
                     int err;
                     struct sockaddr_storage storage;
                     memset(&storage, 0, sizeof(struct sockaddr_storage));
+#ifndef ANDROID
                     if (sni_detected || atyp == 3)
                        err = get_sockaddr(host, port, &storage, 0, ipv6first);
                     else
+#endif
                        err = get_sockaddr(ip, port, &storage, 0, ipv6first);
                     if (err != -1) {
                         remote = create_remote(server->listener, (struct sockaddr *)&storage);
diff --git a/src/stream.c b/src/stream.c
index ee82f69f..f80d5732 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -325,9 +325,7 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
     buffer_t *ciphertext = &tmp;
     ciphertext->len = plaintext->len;
 
-    uint8_t nonce[MAX_NONCE_LENGTH];
-
-    rand_bytes(nonce, nonce_len);
+    uint8_t *nonce = cipher_ctx.nonce;
     cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 1);
     memcpy(ciphertext->data, nonce, nonce_len);
 
@@ -449,7 +447,7 @@ stream_decrypt_all(buffer_t *ciphertext, cipher_t *cipher, size_t capacity)
     buffer_t *plaintext = &tmp;
     plaintext->len = ciphertext->len - nonce_len;
 
-    uint8_t nonce[MAX_NONCE_LENGTH];
+    uint8_t *nonce = cipher_ctx.nonce;
     memcpy(nonce, ciphertext->data, nonce_len);
     cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 0);