diff --git a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
index 383da19ff..c278fc6cd 100644
--- a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
@@ -85,9 +85,9 @@ class IntroductionManager {
     private final UDPTransport _transport;
     private final PacketBuilder _builder;
     private final PacketBuilder2 _builder2;
-    /** map of relay tag to PeerState that should receive the introduction */
+    /** map of relay tag to Charlie PeerState that should receive the introduction (we are Bob) */
     private final Map<Long, PeerState> _outbound;
-    /** map of relay tag to PeerState who have given us introduction tags */
+    /** map of relay tag to Bob PeerState who have given us introduction tags (we are Charlie) */
     private final Map<Long, PeerState> _inbound;
     /** map of relay nonce to alice PeerState who requested it */
     private final ConcurrentHashMap<Long, PeerState2> _nonceToAlice;
@@ -252,7 +252,7 @@ class IntroductionManager {
                         _log.info("Reusing introducer: " + ua.getIntroducerHost(i));
                 } else {
                     // SSU 2
-                    if (ssu2count >= 2)
+                    if (_builder != null && ssu2count >= 2)
                         continue;
                     intro = new Introducer(ua.getIntroducerHash(i), tag, sexp);
                     ssu2count++;
@@ -277,7 +277,7 @@ class IntroductionManager {
                     if (b64.equals(intro.shash))
                         continue outerloop;
                 }
-                if (ssu2count >= 2)
+                if (_builder != null && ssu2count >= 2)
                     continue;
             }
             RouterInfo ri = _context.netDb().lookupRouterInfoLocally(hash);
diff --git a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
index e253963ba..81bb5e632 100644
--- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
@@ -330,6 +330,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
 
 
     /**
+     *  @param dh non-null to enable SSU1
      *  @param xdh non-null to enable SSU2
      */
     public UDPTransport(RouterContext ctx, DHSessionKeyBuilder.Factory dh, X25519KeyFactory xdh) {
@@ -361,7 +362,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
             _cachedBid[i] = new SharedBid(BID_VALUES[i]);
         }
 
-        _packetBuilder = new PacketBuilder(_context, this);
+        _packetBuilder = (dh != null) ? new PacketBuilder(_context, this) : null;
         _packetBuilder2 = (xdh != null) ? new PacketBuilder2(_context, this) : null;
         _fragments = new OutboundMessageFragments(_context, this, _activeThrottle);
         _inboundFragments = new InboundMessageFragments(_context, _fragments, this);
@@ -377,7 +378,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
         _v4IntroducersSelectedOn = -1;
         _v6IntroducersSelectedOn = -1;
         _lastInboundReceivedOn = -1;
-        _hmac = new SSUHMACGenerator();
+        _hmac = (dh != null) ? new SSUHMACGenerator() : null;
         _mtu = PeerState.LARGE_MTU;
         _mtu_ipv6 = PeerState.MIN_IPV6_MTU;
         setupPort();
@@ -532,22 +533,24 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
         
         if (_log.shouldLog(Log.WARN)) _log.warn("Starting SSU transport listening");
 
-        // set up random intro key, as of 0.9.48
-        byte[] ikey = new byte[SessionKey.KEYSIZE_BYTES];
-        _introKey = new SessionKey(ikey);
-        String sikey = _context.getProperty(PROP_INTRO_KEY);
-        if (sikey != null &&
-            _context.getEstimatedDowntime() < MIN_DOWNTIME_TO_REKEY) {
-            byte[] saved = Base64.decode(sikey);
-            if (saved != null && saved.length == SessionKey.KEYSIZE_BYTES) {
-                System.arraycopy(saved, 0, ikey, 0, SessionKey.KEYSIZE_BYTES);
+        if (_enableSSU1) {
+            // set up random intro key, as of 0.9.48
+            byte[] ikey = new byte[SessionKey.KEYSIZE_BYTES];
+            _introKey = new SessionKey(ikey);
+            String sikey = _context.getProperty(PROP_INTRO_KEY);
+            if (sikey != null &&
+                _context.getEstimatedDowntime() < MIN_DOWNTIME_TO_REKEY) {
+                byte[] saved = Base64.decode(sikey);
+                if (saved != null && saved.length == SessionKey.KEYSIZE_BYTES) {
+                    System.arraycopy(saved, 0, ikey, 0, SessionKey.KEYSIZE_BYTES);
+                } else {
+                    _context.random().nextBytes(ikey);
+                    _context.router().saveConfig(PROP_INTRO_KEY, Base64.encode(ikey));
+                }
             } else {
                 _context.random().nextBytes(ikey);
                 _context.router().saveConfig(PROP_INTRO_KEY, Base64.encode(ikey));
             }
-        } else {
-            _context.random().nextBytes(ikey);
-            _context.router().saveConfig(PROP_INTRO_KEY, Base64.encode(ikey));
         }
         
         // bind host
@@ -899,8 +902,8 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
     }
     
     /**
-     * Introduction key that people should use to contact us
-     *
+     * Introduction key that people should use to contact us,
+     * or null if SSU1 disabled.
      */
     SessionKey getIntroKey() { return _introKey; }
 
@@ -2904,7 +2907,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
         if (directIncluded || introducersIncluded) {
             // This is called via TransportManager.configTransports() before startup(), prevent NPE
             // Note that peers won't connect to us without this - see EstablishmentManager
-            if (_introKey != null)
+            if (_enableSSU1 && _introKey != null)
                 options.setProperty(UDPAddress.PROP_INTRO_KEY, _introKey.toBase64());
 
             // SSU seems to regulate at about 85%, so make it a little higher.
@@ -3528,15 +3531,15 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
     }
     
     /**
-     *  @return a new DHSessionKeyBuilder
+     *  @return a new DHSessionKeyBuilder, or null if SSU1 disabled
      *  @since 0.9
      */
     DHSessionKeyBuilder getDHBuilder() {
-        return _dhFactory.getBuilder();
+        return _enableSSU1 ? _dhFactory.getBuilder() : null;
     }
     
     /**
-     *  @return the factory
+     *  @return the factory, or null if SSU1 disabled
      *  @since 0.9.2
      */
     DHSessionKeyBuilder.Factory getDHFactory() {
@@ -3552,7 +3555,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
     }
     
     /**
-     *  @return the SSU HMAC
+     *  @return the SSU HMAC, or null if SSU1 disabled
      *  @since 0.9.42
      */
     HMACGenerator getHMAC() {
@@ -3560,7 +3563,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
     }
     
     /**
-     *  @return the PacketBuilder
+     *  @return the PacketBuilder, or null if SSU1 disabled
      *  @since 0.9.52
      */
     PacketBuilder getBuilder() {