diff --git a/doc/gpg.texi b/doc/gpg.texi
index 36aa18ef1..7ac1613f9 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1,4 +1,4 @@
-@c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
 @c 2008, 2009, 2010 Free Software Foundation, Inc.
 @c This is part of the GnuPG manual.
 @c For copying conditions, see the file gnupg.texi.
@@ -14,6 +14,19 @@ @cindex command options @cindex options, GPG command +@c Begin algorithm defaults + +@ifclear gpgtwoone +@set DEFSYMENCALGO CAST5 +@end ifclear + +@ifset gpgtwoone +@set DEFSYMENCALGO AES128 +@end ifset + +@c End algorithm defaults + + @c Begin GnuPG 1.x specific stuff @ifset gpgone @macro gpgname
@@ -217,7 +230,7 @@ decrypted via a secret key or a passphrase). @itemx -c @opindex symmetric Encrypt with a symmetric cipher using a passphrase. The default -symmetric cipher used is CAST5, but may be chosen with the +symmetric cipher used is @value{DEFSYMENCALGO}, but may be chosen with the @option{--cipher-algo} option. This option may be combined with @option{--sign} (for a signed and symmetrically encrypted message), @option{--encrypt} (for a message that may be decrypted via a secret key
@@ -2272,7 +2285,7 @@ to consider (e.g. @option{--symmetric}). @item --s2k-cipher-algo @code{name} @opindex s2k-cipher-algo Use @code{name} as the cipher algorithm used to protect secret keys. -The default cipher is CAST5. This cipher is also used for +The default cipher is @value{DEFSYMENCALGO}. This cipher is also used for conventional encryption if @option{--personal-cipher-preferences} and @option{--cipher-algo} is not given.
diff --git a/g10/gpg.c b/g10/gpg.c
index 7ba193b6f..ce1a87fbd 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2072,7 +2072,7 @@ main (int argc, char **argv)
 opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
 opt.s2k_mode = 3; /* iterated+salted */
 opt.s2k_count = 0; /* Auto-calibrate when needed. */
- opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
+ opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
 opt.completes_needed = 1;
 opt.marginals_needed = 3;
 opt.max_cert_depth = 5;
diff --git a/g10/main.h b/g10/main.h
index b2efaae3b..4eb1b5f31 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -26,11 +26,18 @@ #include "util.h" /* It could be argued that the default cipher should be 3DES rather - than CAST5, and the default compression should be 0 + than AES128, and the default compression should be 0 (i.e. uncompressed) rather than 1 (zip). However, the real world issues of speed and size come into play here. */ -#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 +#if GPG_USE_AES128 +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES +#elif GPG_USE_CAST5 +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 +#else +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES +#endif + #define DEFAULT_DIGEST_ALGO DIGEST_ALGO_SHA1 #define DEFAULT_S2K_DIGEST_ALGO DIGEST_ALGO_SHA1 #ifdef HAVE_ZIP
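Review bot: The secret-key protection default assigned at `opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;` is now decided at build time, but unlike the neighbouring assignments it carries no comment saying so. The manual changed in the same commit takes its stated default from `gpgtwoone`, not from the macros that main.h tests, so a build where the two disagree would protect keys with a different cipher than the manual names. I would add `/* Build-time default, see DEFAULT_CIPHER_ALGO in main.h. */` on that line. main()'s body starts and ends outside this hunk.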
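Review bot: The `#if GPG_USE_AES128` / `#elif GPG_USE_CAST5` chain treats an undefined macro as 0, so if the configuration header is not included before main.h, or a macro is renamed, the default silently falls through to CIPHER_ALGO_3DES with no diagnostic. That default now also feeds `opt.s2k_cipher_algo` in gpg.c. Assuming configure always defines both macros to 0 or 1 (not visible here), a guard such as `#if !defined(GPG_USE_AES128) || !defined(GPG_USE_CAST5)` followed by `# error "cipher configuration macros are missing"` would make that failure visible. The edited comment now reads "3DES rather than AES128" although the chain can also select CAST5 or 3DES; it should say that the default is the first enabled of AES128, CAST5 and 3DES.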