diff --git a/internal/integration/client_side_encryption_prose_test.go b/internal/integration/client_side_encryption_prose_test.go
index 29218284cb..1fe0aad9b8 100644
--- a/internal/integration/client_side_encryption_prose_test.go
+++ b/internal/integration/client_side_encryption_prose_test.go
@@ -3111,7 +3111,7 @@ func TestClientSideEncryptionProse(t *testing.T) {
 
 				ceo := options.ClientEncryption().
 					SetKeyVaultNamespace(kvNamespace).
-					SetKmsProviders(fullKmsProvidersMap).
+					SetKmsProviders(kmsProviders).
 					SetTLSConfig(map[string]*tls.Config{dataKey.provider: tlsCfg})
 				clientEncryption, err := mongo.NewClientEncryption(keyVaultClient, ceo)
 				require.NoError(mt, err, "error on NewClientEncryption: %v", err)
diff --git a/x/mongo/driver/crypt.go b/x/mongo/driver/crypt.go
index 5a94d298cc..7a51b7a4b9 100644
--- a/x/mongo/driver/crypt.go
+++ b/x/mongo/driver/crypt.go
@@ -398,10 +398,7 @@ func (c *crypt) decryptKey(kmsCtx *mongocrypt.KmsContext) error {
 		res := make([]byte, bytesNeeded)
 		bytesRead, err := conn.Read(res)
 		if err != nil {
-			if kmsCtx.Fail() {
-				err = nil
-			}
-			return err
+			return kmsCtx.RequestError()
 		}
 
 		if err = kmsCtx.FeedResponse(res[:bytesRead]); err != nil {
diff --git a/x/mongo/driver/mongocrypt/mongocrypt_kms_context.go b/x/mongo/driver/mongocrypt/mongocrypt_kms_context.go
index d3b028f777..49baa37f2e 100644
--- a/x/mongo/driver/mongocrypt/mongocrypt_kms_context.go
+++ b/x/mongo/driver/mongocrypt/mongocrypt_kms_context.go
@@ -78,7 +78,10 @@ func (kc *KmsContext) createErrorFromStatus() error {
 	return errorFromStatus(status)
 }
 
-// Fail returns a boolean indicating whether the failed request may be retried.
-func (kc *KmsContext) Fail() bool {
-	return bool(C.mongocrypt_kms_ctx_fail(kc.wrapped))
+// RequestError returns the source of the network error for KMS requests.
+func (kc *KmsContext) RequestError() error {
+	if bool(C.mongocrypt_kms_ctx_fail(kc.wrapped)) {
+		return nil
+	}
+	return kc.createErrorFromStatus()
 }
diff --git a/x/mongo/driver/mongocrypt/mongocrypt_kms_context_not_enabled.go b/x/mongo/driver/mongocrypt/mongocrypt_kms_context_not_enabled.go
index 608d3784f1..7968897648 100644
--- a/x/mongo/driver/mongocrypt/mongocrypt_kms_context_not_enabled.go
+++ b/x/mongo/driver/mongocrypt/mongocrypt_kms_context_not_enabled.go
@@ -38,7 +38,7 @@ func (kc *KmsContext) FeedResponse([]byte) error {
 	panic(cseNotSupportedMsg)
 }
 
-// Fail returns a boolean indicating whether the failed request may be retried.
-func (kc *KmsContext) Fail() bool {
+// RequestError returns the source of the network error for KMS requests.
+func (kc *KmsContext) RequestError() error {
 	panic(cseNotSupportedMsg)
 }