diff --git a/kadmin/ank.c b/kadmin/ank.c
index fba3450aa..0c3781291 100644
--- a/kadmin/ank.c
+++ b/kadmin/ank.c
@@ -275,7 +275,7 @@ add_new_key(struct add_options *opt, int argc, char **argv)
         enctypes = krb5_config_get_string(context, NULL, "libdefaults",
                                           "supported_enctypes", NULL);
     if (enctypes == NULL || enctypes[0] == '\0')
-        enctypes = "aes128-cts-hmac-sha1-96";
+        enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192";
     ret = krb5_string_to_keysalts2(context, enctypes, &nkstuple, &kstuple);
     if (ret) {
         fprintf(stderr, "enctype(s) unknown\n");
@@ -505,7 +505,7 @@ add_new_namespace(struct add_namespace_options *opt, int argc, char **argv)
         enctypes = krb5_config_get_string(context, NULL, "libdefaults",
                                           "supported_enctypes", NULL);
     if (enctypes == NULL || enctypes[0] == '\0')
-        enctypes = "aes128-cts-hmac-sha1-96";
+        enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192";
     ret = krb5_string_to_keysalts2(context, enctypes, &nkstuple, &kstuple);
     if (ret) {
         fprintf(stderr, "enctype(s) unknown\n");
diff --git a/kadmin/ext.c b/kadmin/ext.c
index 5a8281a09..f6a811e0b 100644
--- a/kadmin/ext.c
+++ b/kadmin/ext.c
@@ -199,7 +199,7 @@ ext_keytab(struct ext_keytab_options *opt, int argc, char **argv)
         enctypes = krb5_config_get_string(context, NULL, "libdefaults",
                                           "supported_enctypes", NULL);
     if (enctypes == NULL || enctypes[0] == '\0')
-        enctypes = "aes128-cts-hmac-sha1-96";
+        enctypes = "aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192";
     ret = krb5_string_to_keysalts2(context, enctypes, &data.nkstuple,
                                    &data.kstuple);
     if (ret) {