diff --git a/src/sniffer.c b/src/sniffer.c
index 1b77ae962..2d915d9c2 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -1684,7 +1684,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port,
 /* auto detect key type with WC_PK_TYPE_NONE */
 /* keySz == 0 mean load file */
 ret = wolfSSL_CTX_set_ephemeral_key(sniffer->ctx, WC_PK_TYPE_NONE,
- keyFile, 0, type);
+ keyFile, keySz, type);
 if (ret == 0)
 ret = WOLFSSL_SUCCESS;
 }
@@ -5716,8 +5716,21 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
 keyType = (keyType == FILETYPE_PEM) ? WOLFSSL_FILETYPE_PEM : WOLFSSL_FILETYPE_ASN1;
- ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
+#ifdef WOLFSSL_STATIC_EPHEMERAL
+ /* try setting static ephemeral first */
+ /* auto detect key type with WC_PK_TYPE_NONE */
+ ret = wolfSSL_set_ephemeral_key(sniffer->sslServer,
+ WC_PK_TYPE_NONE, (const char*)key, keySz,
+ WOLFSSL_FILETYPE_ASN1);
+ if (ret == 0) {
+ ret = WOLFSSL_SUCCESS;
+ }
+ else
+#endif
+ {
+ ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
 key, keySz, keyType);
+ }
 if (ret != WOLFSSL_SUCCESS) {
 SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
 return -1;
diff --git a/src/ssl.c b/src/ssl.c
index 579e13fcc..e86c52e12 100644
--- a/src/ssl.c
+++ b/src/ssl.c
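Review bot: The static-ephemeral attempt passes a hard-coded `WOLFSSL_FILETYPE_ASN1` even though `keyType` was just derived from the caller's PEM/ASN.1 flag on the context line above, so a PEM watch key can never take the `wolfSSL_set_ephemeral_key` path and always drops to `wolfSSL_use_PrivateKey_buffer`. Passing `keyType` instead, i.e. `ret = wolfSSL_set_ephemeral_key(sniffer->sslServer, WC_PK_TYPE_NONE, (const char*)key, keySz, keyType);`, would make the two branches agree. As written the `else` fallback also runs for every non-zero return, which hides a genuine parse failure of a DER ephemeral key behind the generic `KEY_FILE_STR` error; a comment such as `/* not a static ephemeral key: fall back to a regular private key */` would at least make that intent explicit. `ssl_SetWatchKey_buffer` begins and ends outside this hunk.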
@@ -53027,6 +53027,80 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
 WOLFSSL_ENTER("SetStaticEphemeralKey");
+ /* if just free'ing key then skip loading */
+ if (key != NULL && keySz > 0) {
+ #ifndef NO_FILESYSTEM
+ /* load file from filesystem */
+ if (key && keySz == 0) {
+ size_t keyBufSz = 0;
+ keyFile = (const char*)key;
+ ret = wc_FileLoad(keyFile, &keyBuf, &keyBufSz, heap);
+ if (ret != 0) {
+ return ret;
+ }
+ keySz = (unsigned int)keyBufSz;
+ }
+ else
+ #endif
+ {
+ /* use as key buffer directly */
+ keyBuf = (byte*)key;
+ }
+
+ if (format == WOLFSSL_FILETYPE_PEM) {
+ #ifdef WOLFSSL_PEM_TO_DER
+ int keyFormat = 0;
+ ret = PemToDer(keyBuf, keySz, PRIVATEKEY_TYPE, &der,
+ heap, NULL, &keyFormat);
+ /* auto detect key type */
+ if (ret == 0 && keyAlgo == WC_PK_TYPE_NONE) {
+ if (keyFormat == ECDSAk)
+ keyAlgo = WC_PK_TYPE_ECDH;
+ else
+ keyAlgo = WC_PK_TYPE_DH;
+ }
+ #else
+ ret = NOT_COMPILED_IN;
+ #endif
+ }
+ else {
+ /* Detect PK type (if required) */
+ #ifdef HAVE_ECC
+ if (keyAlgo == WC_PK_TYPE_NONE) {
+ word32 idx = 0;
+ ecc_key eccKey;
+ ret = wc_ecc_init_ex(&eccKey, heap, INVALID_DEVID);
+ if (ret == 0) {
+ ret = wc_EccPrivateKeyDecode(keyBuf, &idx, &eccKey, keySz);
+ if (ret == 0)
+ keyAlgo = WC_PK_TYPE_ECDH;
+ wc_ecc_free(&eccKey);
+ }
+ }
+ #endif
+ #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
+ if (keyAlgo == WC_PK_TYPE_NONE) {
+ word32 idx = 0;
+ DhKey dhKey;
+ ret = wc_InitDhKey_ex(&dhKey, heap, INVALID_DEVID);
+ if (ret == 0) {
+ ret = wc_DhKeyDecode(keyBuf, &idx, &dhKey, keySz);
+ if (ret == 0)
+ keyAlgo = WC_PK_TYPE_DH;
+ wc_FreeDhKey(&dhKey);
+ }
+ }
+ #endif
+
+ if (keyAlgo != WC_PK_TYPE_NONE) {
+ ret = AllocDer(&der, keySz, PRIVATEKEY_TYPE, heap);
+ if (ret == 0) {
+ XMEMCPY(der->buffer, keyBuf, keySz);
+ }
+ }
+ }
+ }
+
 /* if key is already set free it */
 #ifndef NO_DH
 if (keyAlgo == WC_PK_TYPE_DH && staticKE->dhKey &&
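Review bot: The new outer guard `if (key != NULL && keySz > 0)` makes the `#ifndef NO_FILESYSTEM` branch `if (key && keySz == 0)` unreachable, so the filename convention the first sniffer.c hunk relies on (`keySz == 0 mean load file`, now forwarded through `keySz` in SetNamedPrivateKey) can no longer load anything: the call skips the whole load, frees the already-set key further down and continues into the `switch` with `der` still unset. The guard should exclude only the free-only case, e.g. `if (key != NULL) {`, which also keeps a NULL `key` with a non-zero `keySz` away from `keyBuf = (byte*)key` and the later `XMEMCPY`. In the DER path, when auto-detection fails for both ECC and DH (or neither is compiled in), `keyAlgo` stays `WC_PK_TYPE_NONE`, `der` is never allocated and only the last decode error, if any, survives in `ret`; an explicit `if (keyAlgo == WC_PK_TYPE_NONE) ret = BAD_FUNC_ARG;` after the detection block would make that failure unambiguous. I cannot see how the `switch` treats that case, since the rest of `SetStaticEphemeralKey` lies outside the hunk.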
@@ -53039,52 +53113,6 @@ static int SetStaticEphemeralKey(StaticKeyExchangeInfo_t* staticKE, int keyAlgo,
 FreeDer(&staticKE->ecKey);
 #endif
- /* check if just free'ing key */
- if (key == NULL && keySz == 0) {
- return 0;
- }
-
-#ifndef NO_FILESYSTEM
- /* load file from filesystem */
- if (key && keySz == 0) {
- size_t keyBufSz = 0;
- keyFile = (const char*)key;
- ret = wc_FileLoad(keyFile, &keyBuf, &keyBufSz, heap);
- if (ret != 0) {
- return ret;
- }
- keySz = (unsigned int)keyBufSz;
- }
- else
-#endif
- {
- /* use as key buffer directly */
- keyBuf = (byte*)key;
- }
-
- if (format == WOLFSSL_FILETYPE_PEM) {
- #ifdef WOLFSSL_PEM_TO_DER
- int keyFormat = 0;
- ret = PemToDer(keyBuf, keySz, PRIVATEKEY_TYPE, &der,
- heap, NULL, &keyFormat);
- /* auto detect key type */
- if (ret == 0 && keyAlgo == 0) {
- if (keyFormat == ECDSAk)
- keyAlgo = WC_PK_TYPE_ECDH;
- else
- keyAlgo = WC_PK_TYPE_DH;
- }
- #else
- ret = NOT_COMPILED_IN;
- #endif
- }
- else {
- ret = AllocDer(&der, keySz, PRIVATEKEY_TYPE, heap);
- if (ret == 0) {
- XMEMCPY(der->buffer, keyBuf, keySz);
- }
- }
-
 switch (keyAlgo) {
 #ifndef NO_DH
 case WC_PK_TYPE_DH: