diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
index fbf68fb2f6f1cb8f541703e0c573625d735c09a3..6c8ee1439b9ea81216b69e9ca22d1ae16f1aab30 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillMonitorJob.java
@@ -6,6 +6,7 @@ import net.i2p.crypto.EncType;
 import net.i2p.crypto.SigType;
 import net.i2p.data.Hash;
 import net.i2p.data.router.RouterAddress;
+import net.i2p.data.router.RouterIdentity;
 import net.i2p.data.router.RouterInfo;
 import net.i2p.router.Job;
 import net.i2p.router.JobImpl;
@@ -141,8 +142,11 @@ class FloodfillMonitorJob extends JobImpl {
         if (ri == null)
             return false;
 
+        RouterIdentity ident = ri.getIdentity();
+        if (ident.getSigningPublicKey().getType() == SigType.DSA_SHA1)
+            return false;
         // temp until router ratchet SKM implemented
-        if (ri.getIdentity().getPublicKey().getType() != EncType.ELGAMAL_2048)
+        if (ident.getPublicKey().getType() != EncType.ELGAMAL_2048)
             return false;
 
         char bw = ri.getBandwidthTier().charAt(0);
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java
index 563a83adcda297716d97837f50d7b00ef2dbe557..2c6a6e73ef8bbcb9336141267c3d1d93a473cd90 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java
@@ -122,9 +122,6 @@ public class IterativeSearchJob extends FloodSearchJob {
             !SystemVersion.isApache() && !SystemVersion.isGNU() &&
             NativeBigInteger.isNative();
 
-    //private static final String MIN_QUERY_VERSION = SigType.EdDSA_SHA512_Ed25519.getSupportedSince();
-    private static final String MIN_QUERY_VERSION = StoreJob.MIN_STORE_VERSION;
-
     /**
      *  Lookup using exploratory tunnels
      */
@@ -323,12 +320,10 @@ public class IterativeSearchJob extends FloodSearchJob {
                 // querying old floodfills that don't know about those sig types.
                 // This is also more recent than the version that supports encrypted replies,
                 // so we won't request unencrypted replies anymore either.
-                String v = ri.getVersion();
-                String since = MIN_QUERY_VERSION;
-                if (VersionComparator.comp(v, since) < 0) {
+                if (!StoreJob.shouldStoreTo(ri)) {
                     failed(peer, false);
                     if (_log.shouldInfo())
-                        _log.info(getJobId() + ": not sending query to old version " + v + ": " + peer);
+                        _log.info(getJobId() + ": not sending query to old router: " + ri);
                     return;
                 }
             }
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
index 61fe6d659356f7255236495394c956a32a9f07fa..a56ad93f1d1d7a32be5b2640601a62760d940390 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
@@ -24,6 +24,7 @@ import net.i2p.data.router.RouterInfo;
 import net.i2p.data.TunnelId;
 import net.i2p.data.i2np.DatabaseStoreMessage;
 import net.i2p.data.i2np.I2NPMessage;
+import net.i2p.data.router.RouterIdentity;
 import net.i2p.kademlia.KBucketSet;
 import net.i2p.router.Job;
 import net.i2p.router.JobImpl;
@@ -630,7 +631,15 @@ abstract class StoreJob extends JobImpl {
      */
     static boolean shouldStoreTo(RouterInfo ri) {
         String v = ri.getVersion();
-        return VersionComparator.comp(v, MIN_STORE_VERSION) >= 0;
+        if (VersionComparator.comp(v, MIN_STORE_VERSION) < 0)
+            return false;
+        RouterIdentity ident = ri.getIdentity();
+        if (ident.getSigningPublicKey().getType() == SigType.DSA_SHA1)
+            return false;
+        // temp until router ratchet SKM implemented
+        if (ident.getPublicKey().getType() != EncType.ELGAMAL_2048)
+            return false;
+        return true;
     }
 
     /** @since 0.9.38 */
diff --git a/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java b/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java
index 9d6f69a9d36b8283e2fbc0f516463cfc0255159f..da6b1c47afd9978144e13969dd5a0afd6dd32294 100644
--- a/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java
+++ b/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java
@@ -18,6 +18,7 @@ import net.i2p.crypto.SigType;
 import net.i2p.data.DataFormatException;
 import net.i2p.data.DataHelper;
 import net.i2p.data.Hash;
+import net.i2p.data.router.RouterIdentity;
 import net.i2p.data.router.RouterInfo;
 import net.i2p.router.LeaseSetKeys;
 import net.i2p.router.Router;
@@ -485,7 +486,10 @@ public abstract class TunnelPeerSelector extends ConnectChecker {
             maxLen++;
         if (cap.length() <= maxLen)
             return true;
-        EncType type = peer.getIdentity().getPublicKey().getType();
+        RouterIdentity ident = peer.getIdentity();
+        if (ident.getSigningPublicKey().getType() == SigType.DSA_SHA1)
+            return true;
+        EncType type = ident.getPublicKey().getType();
         if (!LeaseSetKeys.SET_BOTH.contains(type))
             return true;