diff --git a/README b/README
index 9d15eb7fb..d4e952102 100644
--- a/README
+++ b/README
@@ -12,7 +12,9 @@ key cipher suites with
     WOLFSSL_STATIC_PSK
 
 though static key cipher suites are deprecated and will be removed from future
-versions of TLS.  They also lower your security by removing PFS.
+versions of TLS.  They also lower your security by removing PFS. Since current
+NTRU suites available do not use ephemeral keys, WOLFSSL_STATIC_RSA needs to be
+used in order to build with NTRU suites.
 
 When compiling ssl.c wolfSSL will now issue a compiler error if no cipher suites
 are available.  You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index a0ecae3ff..25e6cd5c0 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -152,7 +152,7 @@ THREAD_RETURN CYASSL_THREAD echoserver_test(void* args)
 
 #ifndef NO_FILESYSTEM
     if (doPSK == 0) {
-    #ifdef HAVE_NTRU
+    #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
         /* ntru */
         if (CyaSSL_CTX_use_certificate_file(ctx, ntruCert, SSL_FILETYPE_PEM)
                 != SSL_SUCCESS)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index dea006f80..9c2de60c7 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -229,7 +229,8 @@ typedef byte word24[3];
                 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
             #endif
         #endif
-        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA)
+        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
+            && defined(WOLFSSL_STATIC_RSA)
             #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
         #endif
     #endif
@@ -239,7 +240,8 @@ typedef byte word24[3];
             #if defined(WOLFSSL_STATIC_RSA)
                 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
             #endif
-            #if !defined(NO_TLS) && defined(HAVE_NTRU)
+            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
+                && defined(WOLFSSL_STATIC_RSA)
                     #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
             #endif
         #endif
@@ -257,7 +259,7 @@ typedef byte word24[3];
                 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
                 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
             #endif
-            #if defined(HAVE_NTRU)
+            #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
                     #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
                     #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
             #endif
diff --git a/wolfssl/test.h b/wolfssl/test.h
index f2c7b3dfd..ffd2e88f3 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -455,7 +455,12 @@ static INLINE void showPeer(WOLFSSL* ssl)
     printf("SSL version is %s\n", wolfSSL_get_version(ssl));
 
     cipher = wolfSSL_get_current_cipher(ssl);
+#ifdef HAVE_QSH
+    printf("SSL cipher suite is %s%s\n", (wolfSSL_isQSH(ssl))? "QSH:": "",
+            wolfSSL_CIPHER_get_name(cipher));
+#else
     printf("SSL cipher suite is %s\n", wolfSSL_CIPHER_get_name(cipher));
+#endif
 
 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
     {