diff --git a/src/crypto/OlmDevice.js b/src/crypto/OlmDevice.js
index db5bbabbd..6594106d6 100644
--- a/src/crypto/OlmDevice.js
+++ b/src/crypto/OlmDevice.js
@@ -305,7 +305,7 @@ OlmDevice.prototype.generateOneTimeKeys = async function(numKeys) {
  * @param {string} theirOneTimeKey  remote user's one-time Curve25519 key
  * @return {string} sessionId for the outbound session.
  */
-OlmDevice.prototype.createOutboundSession = function(
+OlmDevice.prototype.createOutboundSession = async function(
     theirIdentityKey, theirOneTimeKey,
 ) {
     const self = this;
@@ -335,7 +335,7 @@ OlmDevice.prototype.createOutboundSession = function(
  * @raises {Error} if the received message was not valid (for instance, it
  *     didn't use a valid one-time key).
  */
-OlmDevice.prototype.createInboundSession = function(
+OlmDevice.prototype.createInboundSession = async function(
     theirDeviceIdentityKey, message_type, ciphertext,
 ) {
     if (message_type !== 0) {
diff --git a/src/crypto/algorithms/olm.js b/src/crypto/algorithms/olm.js
index 495b125e5..8842fcbda 100644
--- a/src/crypto/algorithms/olm.js
+++ b/src/crypto/algorithms/olm.js
@@ -298,7 +298,7 @@ OlmDecryption.prototype._decryptMessage = async function(
 
     let res;
     try {
-        res = this._olmDevice.createInboundSession(
+        res = await this._olmDevice.createInboundSession(
             theirDeviceIdentityKey, message.type, message.body,
         );
     } catch (e) {
diff --git a/src/crypto/olmlib.js b/src/crypto/olmlib.js
index 161d762f9..56799c513 100644
--- a/src/crypto/olmlib.js
+++ b/src/crypto/olmlib.js
@@ -228,7 +228,7 @@ async function _verifyKeyAndStartSession(olmDevice, oneTimeKey, userId, deviceIn
 
     let sid;
     try {
-        sid = olmDevice.createOutboundSession(
+        sid = await olmDevice.createOutboundSession(
             deviceInfo.getIdentityKey(), oneTimeKey.key,
         );
     } catch (e) {