diff --git a/configure.ac b/configure.ac index be2811325..36d1794df 100644 --- a/configure.ac +++ b/configure.ac @@ -327,6 +327,12 @@ AC_ARG_ENABLE([sniffer], [ ENABLED_SNIFFER=no ] ) +# sniffer does't work in maxstrength mode +if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes" +then + AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.]) +fi + ENABLED_SNIFFTEST=no AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ], [ diff --git a/examples/client/client.c b/examples/client/client.c index 7c14d2980..d7a5e82e9 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -566,7 +566,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif -#if defined(WOLFSSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) +#if defined(WOLFSSL_SNIFFER) if (cipherList == NULL) { /* don't use EDH, can't sniff tmp keys */ if (wolfSSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS) { @@ -607,10 +607,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args) } if (!usePsk && !useAnon) { - if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0) != SSL_SUCCESS) - err_sys("can't load ca file, Please run from wolfSSL home dir"); + if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert,0) != SSL_SUCCESS) + err_sys("can't load ca file, Please run from wolfSSL home dir"); +#ifdef HAVE_ECC + /* load ecc verify too, echoserver uses it by default w/ ecc */ + if (wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0) != SSL_SUCCESS) + err_sys("can't load ecc ca file, Please run from wolfSSL home dir"); +#endif /* HAVE_ECC */ } -#endif +#endif /* !NO_FILESYSTEM && !NO_CERTS */ #if !defined(NO_CERTS) if (!usePsk && !useAnon && doPeerCheck == 0) wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c index 5751622d5..ff754b7e8 100644 --- a/examples/echoclient/echoclient.c +++ b/examples/echoclient/echoclient.c 
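Review bot: The new `test "$ENABLED_MAXSTRENGTH" = "yes"` guard only fires if ENABLED_MAXSTRENGTH has already been assigned at this point in configure.ac. The hunk does not show where the maxstrength option is parsed, so if it is handled further down, the variable is still empty here and the conflicting combination passes silently. Confirm the ordering, or move the check to a point after both options have been parsed. The comment also has a typo ("does't") and could state the reason, which is presumably the one the examples give ("can't sniff tmp keys"), e.g. `# sniffer doesn't work in maxstrength mode: it cannot decrypt ephemeral-key sessions`.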
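Review bot: The comment inside the widened `#if defined(WOLFSSL_SNIFFER)` block still says only "don't use EDH", but with `!defined(HAVE_NTRU) && !defined(HAVE_ECC)` removed, the forced `"AES256-SHA256"` list now also displaces whatever ECC or NTRU suites those builds would otherwise negotiate. Say so where the list is set, e.g. `/* sniffer needs static-RSA key exchange: no (EC)DHE or NTRU, hence no forward secrecy */`, so the setting is not copied into non-sniffer code. The same comment is carried unchanged in the echoclient.c, echoserver.c (second hunk) and server.c hunks. The body of client_test continues outside the hunk.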
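Review bot: The added `wolfSSL_CTX_load_verify_locations(ctx, eccCert, 0)` call runs in every HAVE_ECC build regardless of what `verifyCert` holds. A caller who supplied their own CA file therefore still gets the bundled test certificate added as a trust anchor, and the client aborts through `err_sys` when that file cannot be loaded. The echoserver.c hunk in this commit passes `eccCert` to `CyaSSL_CTX_use_certificate_file`, so what is trusted here appears to be the example server's own certificate rather than a CA. Consider loading it only when `verifyCert` was left at its default, and say so in the comment, e.g. `/* test only: trust the example ECC server cert directly */`. The enclosing function starts and ends outside the hunk.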
@@ -130,7 +130,7 @@ void echoclient_test(void* args) load_buffer(ctx, caCert, CYASSL_CA); #endif -#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) +#if defined(CYASSL_SNIFFER) /* don't use EDH, can't sniff tmp keys */ SSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 680c11d5e..49b3933d2 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -160,7 +160,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) != SSL_SUCCESS) err_sys("can't load ntru key file, " "Please run from wolfSSL home dir"); - #elif defined(HAVE_ECC) + #elif defined(HAVE_ECC) && !defined(CYASSL_SNIFFER) /* ecc */ if (CyaSSL_CTX_use_certificate_file(ctx, eccCert, SSL_FILETYPE_PEM) != SSL_SUCCESS) @@ -193,7 +193,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args) } #endif -#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) +#if defined(CYASSL_SNIFFER) /* don't use EDH, can't sniff tmp keys */ CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA"); #endif diff --git a/examples/server/server.c b/examples/server/server.c index 9c74b26d9..df248dd6e 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -485,7 +485,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args) } #endif -#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC) +#if defined(CYASSL_SNIFFER) /* don't use EDH, can't sniff tmp keys */ if (cipherList == NULL) { if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA256") != SSL_SUCCESS)
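Review bot: `SSL_CTX_set_cipher_list(ctx, "AES256-SHA");` under the widened `#if defined(CYASSL_SNIFFER)` discards its return value, and this commit makes that line compile in ECC and NTRU builds as well. If the suite is unavailable in a given build, the context keeps its default list, which can include the ephemeral-key suites the comment says cannot be sniffed, and nothing reports it. client.c and server.c already compare the result with `SSL_SUCCESS`. Doing the same here keeps the four examples consistent, e.g. `if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS) err_sys("can't set cipher list");`, assuming `err_sys` is available here as it is in the other examples. The second echoserver.c hunk has the same unchecked call.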
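Review bot: Only the ECC branch gains `&& !defined(CYASSL_SNIFFER)`; the branch above it, which loads the NTRU key file, is left as is, while the second hunk in this file now forces `"AES256-SHA"` for NTRU builds too. If that branch is selected by HAVE_NTRU (its `#if` line is outside the hunk), a sniffer build with NTRU enabled would load an NTRU key and then offer only an RSA key-exchange suite, which likely cannot complete a handshake. Either guard that branch the same way or have configure reject the combination. A short comment on the `#elif`, such as `/* sniffer build skips the ECC cert and uses the next branch */`, would explain the new condition.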