diff --git a/examples/server/server.c b/examples/server/server.c
index 379323d2c..6d05e4779 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2824,11 +2824,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 #ifdef WOLFSSL_SNIFFER
     if (cipherList == NULL && version < 4) {
         /* static RSA or static ECC cipher suites */
-        const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA"
-        #if defined(HAVE_ARIA)
-            ":ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-ARIA256-GCM-SHA384"
-        #endif
-        ;
+        const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA";
         if (SSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) {
             err_sys_ex(runWithErrors, "server can't set cipher list 3");
         }
diff --git a/src/internal.c b/src/internal.c
index 980f16aea..bcb9e7ce4 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -17891,7 +17891,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
     #ifdef HAVE_ARIA
         case wolfssl_aria_gcm:
         {
-            const byte* additionalSrc = input - 5;
+            const byte* additionalSrc = input - RECORD_HEADER_SZ;
             byte *outBuf = NULL;
             XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);
 
@@ -17923,13 +17923,13 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
                 break;
             }
             ret = wc_AriaEncrypt(ssl->encrypt.aria, outBuf,
-                        (byte*) input + AESGCM_EXP_IV_SZ,
-                        sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
-                        ssl->encrypt.nonce, AESGCM_NONCE_SZ,
-                        ssl->encrypt.additional, AEAD_AUTH_DATA_SZ,
-                        out + sz - ssl->specs.aead_mac_size,
-                        ssl->specs.aead_mac_size
-                        );
+                    (byte*) input + AESGCM_EXP_IV_SZ,
+                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
+                    ssl->encrypt.nonce, AESGCM_NONCE_SZ,
+                    ssl->encrypt.additional, AEAD_AUTH_DATA_SZ,
+                    out + sz - ssl->specs.aead_mac_size,
+                    ssl->specs.aead_mac_size
+                    );
             if (ret != 0)
                 break;
             XMEMCPY(out,
@@ -18409,6 +18409,8 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                                 (byte *)input + sz - ssl->specs.aead_mac_size,
                                 ssl->specs.aead_mac_size
                                 );
+            if (ret != 0)
+                break;
             XMEMCPY(plain + AESGCM_EXP_IV_SZ,
                     outBuf,
                     sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size);
diff --git a/tests/api.c b/tests/api.c
index 885d4a684..60a19a654 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -51354,7 +51354,7 @@ static int test_wolfssl_EVP_aria_gcm(void)
     byte *iv = (byte*)"0123456789012345";
     int ivSz = ARIA_BLOCK_SIZE;
     /* Message to be encrypted */
-    int plaintxtSz = 40;
+    const int plaintxtSz = 40;
     byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)];
     XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz);
     /* Additional non-confidential data */
diff --git a/wolfcrypt/src/port/aria/aria-crypt.c b/wolfcrypt/src/port/aria/aria-crypt.c
index b958b410c..6a86efd94 100644
--- a/wolfcrypt/src/port/aria/aria-crypt.c
+++ b/wolfcrypt/src/port/aria/aria-crypt.c
@@ -32,12 +32,13 @@ size and a key size of 128, 192, or 256 bits.
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_ARIA
+
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
 
-#ifdef HAVE_ARIA
-
 /* return 0 on success or WC_INIT_E on failure */
 int wc_AriaInitCrypt(wc_Aria* aria, MC_ALGID algo)
 {
diff --git a/wolfcrypt/src/port/aria/aria-cryptocb.c b/wolfcrypt/src/port/aria/aria-cryptocb.c
index b968d3072..b1cf45c41 100644
--- a/wolfcrypt/src/port/aria/aria-cryptocb.c
+++ b/wolfcrypt/src/port/aria/aria-cryptocb.c
@@ -32,13 +32,14 @@ size and a key size of 128, 192, or 256 bits.
 #endif
 
 #include <wolfssl/wolfcrypt/settings.h>
+
+#ifdef HAVE_ARIA
+
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 #include <wolfssl/wolfcrypt/port/aria/aria-cryptocb.h>
 
-#ifdef HAVE_ARIA
-
 int wc_AriaInit(void)
 {
     MC_RV rv = MC_OK;
@@ -247,7 +248,8 @@ int wc_AriaSign(byte* in, word32 inSz, byte* out, word32* outSz, ecc_key* key)
     return 0;
 }
 
-int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz, int* res, ecc_key* key)
+int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz,
+        int* res, ecc_key* key)
 {
     MC_HOBJECT hPubkey = 0;
     MC_HSESSION hSession = 0;
@@ -324,7 +326,8 @@ int wc_AriaVerify(byte* sig, word32 sigSz, byte* hash, word32 hashSz, int* res,
     return 0;
 }
 
-int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outSz)
+int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key,
+        byte* out, word32* outSz)
 {
     MC_HOBJECT hPrikey = 0;
     MC_HSESSION hSession = 0;
@@ -341,7 +344,8 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, byte* out, word32*
 
     WOLFSSL_ENTER("AriaDerive");
 
-    if (private_key == NULL || public_key == NULL || out == NULL || outSz == NULL) {
+    if (private_key == NULL || public_key == NULL ||
+            out == NULL || outSz == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -412,7 +416,8 @@ int wc_AriaDerive(ecc_key* private_key, ecc_key* public_key, byte* out, word32*
 }
 
 #ifdef WOLF_CRYPTO_CB
-    static void printOutput(const char* strName, unsigned char* data, unsigned int dataSz)
+    static void printOutput(const char* strName, unsigned char* data,
+            unsigned int dataSz)
     {
         #ifdef DEBUG_WOLFSSL
         WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);