diff --git a/include/cyassl_int.h b/include/cyassl_int.h
index fa59cae3b..fba5765c5 100644
--- a/include/cyassl_int.h
+++ b/include/cyassl_int.h
@@ -145,6 +145,10 @@ void c32to24(word32 in, word24 out);
 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && defined(OPENSSL_EXTRA)
     #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+    #if !defined (NO_SHA256)
+        #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+        #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+    #endif
 #endif
 
 #if defined(HAVE_ECC) && !defined(NO_TLS)
@@ -225,14 +229,16 @@ enum {
     TLS_RSA_WITH_RABBIT_CBC_SHA       = 0xFD,
 
     /* CyaSSL extension - NTRU */
-    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0x65,
-    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0x66,
-    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0x67,
-    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0x68,
+    TLS_NTRU_RSA_WITH_RC4_128_SHA      = 0xe5,
+    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
+    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA  = 0xe7,  /* clases w/ official SHA-256 */
+    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA  = 0xe8,
 
     /* SHA256 */
-    TLS_RSA_WITH_AES_256_CBC_SHA256    = 0x3d,
-    TLS_RSA_WITH_AES_128_CBC_SHA256    = 0x3c
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
+    TLS_RSA_WITH_AES_256_CBC_SHA256     = 0x3d,
+    TLS_RSA_WITH_AES_128_CBC_SHA256     = 0x3c
 };
 
 
diff --git a/src/cyassl_int.c b/src/cyassl_int.c
index 48be476cc..00a83fe53 100644
--- a/src/cyassl_int.c
+++ b/src/cyassl_int.c
@@ -497,6 +497,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
     }
 #endif
 
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+    if (tls1_2 && haveDH && haveRSA) {
+        suites->suites[idx++] = 0; 
+        suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
+    }
+#endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+    if (tls1_2 && haveDH && haveRSA) {
+        suites->suites[idx++] = 0; 
+        suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
+    }
+#endif
+
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
     if (tls && haveDH && haveRSA) {
         suites->suites[idx++] = 0; 
@@ -3283,6 +3297,14 @@ const char* const cipher_names[] =
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
     "AES256-SHA256",
 #endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+    "DHE-RSA-AES128-SHA256",
+#endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+    "DHE-RSA-AES256-SHA256"
+#endif
 };
 
 
@@ -3394,6 +3416,14 @@ int cipher_name_idx[] =
 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
     TLS_RSA_WITH_AES_256_CBC_SHA256,
 #endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,    
+#endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+#endif
 };
 
 
diff --git a/src/keys.c b/src/keys.c
index 77b74af03..4560aee54 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -374,6 +374,38 @@ int SetCipherSpecs(SSL* ssl)
         break;
 #endif
 
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
+        ssl->specs.bulk_cipher_algorithm = aes;
+        ssl->specs.cipher_type           = block;
+        ssl->specs.mac_algorithm         = sha256_mac;
+        ssl->specs.kea                   = diffie_hellman_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.key_size              = AES_128_KEY_SIZE;
+        ssl->specs.block_size            = AES_BLOCK_SIZE;
+        ssl->specs.iv_size               = AES_IV_SIZE;
+
+        break;
+#endif
+
+#ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
+        ssl->specs.bulk_cipher_algorithm = aes;
+        ssl->specs.cipher_type           = block;
+        ssl->specs.mac_algorithm         = sha256_mac;
+        ssl->specs.kea                   = diffie_hellman_kea;
+        ssl->specs.sig_algo              = rsa_sa_algo;
+        ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.key_size              = AES_256_KEY_SIZE;
+        ssl->specs.block_size            = AES_BLOCK_SIZE;
+        ssl->specs.iv_size               = AES_IV_SIZE;
+
+        break;
+#endif
+
 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
     case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
         ssl->specs.bulk_cipher_algorithm = aes;
diff --git a/src/ssl.c b/src/ssl.c
index 9dfbf1b6e..a46b2be9c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3259,6 +3259,10 @@ int CyaSSL_set_compression(SSL* ssl)
                     return "TLS_PSK_WITH_AES_128_CBC_SHA";
                 case TLS_PSK_WITH_AES_256_CBC_SHA :
                     return "TLS_PSK_WITH_AES_256_CBC_SHA";
+                case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
+                    return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
+                case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
+                    return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
                 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
                     return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
                 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :