diff --git a/src/internal.c b/src/internal.c
index f545407ae..b112e074b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6619,6 +6619,36 @@ int SetCipherList(Suites* s, const char* list)
 }
+static void PickHashSigAlgo(CYASSL* ssl,
+ const byte* hashSigAlgo, word32 hashSigAlgoSz)
+{
+ word32 i;
+
+ ssl->suites->sigAlgo = ssl->specs.sig_algo;
+ ssl->suites->hashAlgo = sha_mac;
+
+ for (i = 0; i < hashSigAlgoSz; i += 2) {
+ if (hashSigAlgo[i+1] == ssl->specs.sig_algo) {
+ if (hashSigAlgo[i] == sha_mac) {
+ break;
+ }
+ #ifndef NO_SHA256
+ else if (hashSigAlgo[i] == sha256_mac) {
+ ssl->suites->hashAlgo = sha256_mac;
+ break;
+ }
+ #endif
+ #ifdef CYASSL_SHA384
+ else if (hashSigAlgo[i] == sha384_mac) {
+ ssl->suites->hashAlgo = sha384_mac;
+ break;
+ }
+ #endif
+ }
+ }
+}
+
+
 #ifdef CYASSL_CALLBACKS
 /* Initialisze HandShakeInfo */
@@ -9082,36 +9112,6 @@ int SetCipherList(Suites* s, const char* list)
 }
- static void PickHashSigAlgo(CYASSL* ssl,
- const byte* hashSigAlgo, word32 hashSigAlgoSz)
- {
- word32 i;
-
- ssl->suites->sigAlgo = ssl->specs.sig_algo;
- ssl->suites->hashAlgo = sha_mac;
-
- for (i = 0; i < hashSigAlgoSz; i += 2) {
- if (hashSigAlgo[i+1] == ssl->specs.sig_algo) {
- if (hashSigAlgo[i] == sha_mac) {
- break;
- }
- #ifndef NO_SHA256
- else if (hashSigAlgo[i] == sha256_mac) {
- ssl->suites->hashAlgo = sha256_mac;
- break;
- }
- #endif
- #ifdef CYASSL_SHA384
- else if (hashSigAlgo[i] == sha384_mac) {
- ssl->suites->hashAlgo = sha384_mac;
- break;
- }
- #endif
- }
- }
- }
-
-
 static int MatchSuite(CYASSL* ssl, Suites* peerSuites)
 {
 word16 i, j;
diff --git a/src/ssl.c b/src/ssl.c
index 60caf99d6..3f65e6138 100644
--- a/src/ssl.c
+++ b/src/ssl.c
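Review bot: In PickHashSigAlgo (src/internal.c, first hunk) the loop advances by two but bounds only `i`, so an odd `hashSigAlgoSz` makes the last iteration read `hashSigAlgo[i+1]` one byte past the end of the list. The list looks like peer-supplied signature-algorithm pairs, and no length validation is visible in this hunk, so unless every caller already rejects odd lengths the bound should cover the whole pair: `for (i = 0; (i + 1) < hashSigAlgoSz; i += 2) {`. The function also has no comment on its selection policy; I would add `/* first pair in the peer's order whose signature matches and whose hash is compiled in wins; falls back to sha_mac when none matches */` above it, so the silent SHA-1 default is a documented decision rather than a surprise.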
@@ -2032,6 +2032,26 @@ int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
 }
+static INLINE CYASSL_METHOD* cm_pick_method(void)
+{
+ #ifndef NO_CYASSL_CLIENT
+ #ifdef NO_OLD_TLS
+ return CyaTLSv1_2_client_method();
+ #else
+ return CyaSSLv3_client_method();
+ #endif
+ #elif !defined(NO_CYASSL_SERVER)
+ #ifdef NO_OLD_TLS
+ return CyaTLSv1_2_server_method();
+ #else
+ return CyaSSLv3_server_method();
+ #endif
+ #else
+ return NULL;
+ #endif
+}
+
+
 /* like load verify locations, 1 for success, < 0 for error */
 int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
 const char* path)
@@ -2045,13 +2065,7 @@ int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
 CYASSL_MSG("No CertManager error");
 return ret;
 }
- tmp = CyaSSL_CTX_new(
-#ifdef NO_OLD_TLS
- CyaTLSv1_2_client_method()
-#else
- CyaSSLv3_client_method()
-#endif
- );
+ tmp = CyaSSL_CTX_new(cm_pick_method());
 if (tmp == NULL) {
 CYASSL_MSG("CTX new failed");
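Review bot: cm_pick_method (src/ssl.c, first hunk) is undocumented, and its final `#else` branch returns NULL, which the caller in the following hunk hands straight to `CyaSSL_CTX_new`. That is safe only if CyaSSL_CTX_new rejects a NULL method, which is not visible on this page, and the failure would then be logged as "CTX new failed" rather than as a build with neither client nor server support. I would add `/* Method for the temporary CTX built in CyaSSL_CertManagerLoadCA; returns NULL when neither client nor server support is compiled in. */` above the function. Because the default branches name an SSLv3 method, the comment should also state whether that context is ever used for a handshake; from the `tmp` name it presumably is not, but a reader auditing protocol versions cannot tell from here. The body of CyaSSL_CertManagerLoadCA continues outside the last hunk.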