diff --git a/cyassl/internal.h b/cyassl/internal.h
index 6aa119da4..50ae3929d 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -342,6 +342,7 @@ enum Misc {
 TLSv1_MINOR = 1, /* TLSv1 minor version number */
 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
+ INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
 NO_COMPRESSION = 0,
 ZLIB_COMPRESSION = 221, /* CyaSSL zlib compression */
 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
diff --git a/src/internal.c b/src/internal.c
index 58c42d1d6..bf76cf821 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -498,11 +498,11 @@ void FreeCiphers(CYASSL* ssl)
 void InitCipherSpecs(CipherSpecs* cs)
 {
- cs->bulk_cipher_algorithm = -1;
- cs->cipher_type = -1;
- cs->mac_algorithm = -1;
- cs->kea = -1;
- cs->sig_algo = -1;
+ cs->bulk_cipher_algorithm = INVALID_BYTE;
+ cs->cipher_type = INVALID_BYTE;
+ cs->mac_algorithm = INVALID_BYTE;
+ cs->kea = INVALID_BYTE;
+ cs->sig_algo = INVALID_BYTE;
 cs->hash_size = 0;
 cs->static_ecdh = 0;
@@ -7110,15 +7110,17 @@ int SetCipherList(Suites* s, const char* list)
 b = input[i++];
 if (b) {
 byte cookie[MAX_COOKIE_LEN];
- byte cookieSz;
 if (b > MAX_COOKIE_LEN) return BUFFER_ERROR;
 if (i + b > totalSz) return INCOMPLETE_DATA;
- cookieSz = EmbedGenerateCookie(cookie, COOKIE_SZ, ssl);
- if ((b != cookieSz) || XMEMCMP(cookie, input + i, b) != 0)
+ if ((EmbedGenerateCookie(cookie, COOKIE_SZ, ssl)
+ != COOKIE_SZ)
+ || (b != COOKIE_SZ)
+ || (XMEMCMP(cookie, input + i, b) != 0)) {
 return COOKIE_ERROR;
+ }
 i += b;
 }
 }
diff --git a/src/io.c b/src/io.c
index 7ed6f9e85..0f1d9e555 100644
--- a/src/io.c
+++ b/src/io.c
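Review bot: In the cookie check of the src/internal.c hunk at -7110, the new condition calls EmbedGenerateCookie() before the cheap `b != COOKIE_SZ` length test, so a ClientHello carrying a wrong-length cookie still pays for cookie generation before it is rejected. Since the cookie exists to make early rejection cheap, test the length first: `if ((b != COOKIE_SZ) || (EmbedGenerateCookie(cookie, COOKIE_SZ, ssl) != COOKIE_SZ) || (XMEMCMP(cookie, input + i, b) != 0)) {`. A failure inside the generator is also reported as COOKIE_ERROR, which makes it indistinguishable from a bad cookie when reading logs; a short comment saying that is intentional would help. The enclosing function starts and ends outside the hunk.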
@@ -320,7 +320,7 @@ int EmbedReceiveFrom(CYASSL *ssl, char *buf, int sz, void *ctx)
 else {
 if (dtlsCtx != NULL
 && dtlsCtx->peer.sz > 0
- && peerSz != dtlsCtx->peer.sz
+ && peerSz != (XSOCKLENT)dtlsCtx->peer.sz
 && memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0) {
 CYASSL_MSG(" Ignored packet from invalid peer");
 return IO_ERR_WANT_READ;
diff --git a/src/tls.c b/src/tls.c
index d2d30e2ad..005bf51bf 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -374,7 +374,7 @@ void TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz,
 c16toa((word16)sz, length);
 #ifdef CYASSL_DTLS
 if (ssl->options.dtls)
- c16toa(GetEpoch(ssl, verify), seq);
+ c16toa((word16)GetEpoch(ssl, verify), seq);
 #endif
 c32toa(GetSEQIncrement(ssl, verify), &seq[sizeof(word32)]);
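Review bot: The peer filter in EmbedReceiveFrom (src/io.c hunk) joins the length test and the memcmp with `&&`, so a datagram is ignored only when both the address length and the address bytes differ. A sender whose sockaddr has the same length as the stored peer therefore passes the filter whatever its address, and the cast added here does not change that. When the lengths do differ, memcmp still compares peerSz bytes against dtlsCtx->peer.sa, which may be the shorter buffer. The two tests should be alternatives, `&& (peerSz != (XSOCKLENT)dtlsCtx->peer.sz || memcmp(&peer, dtlsCtx->peer.sa, peerSz) != 0)) {`, so the comparison only runs on equal lengths. The declarations of peer and peerSz and the rest of the function are outside the hunk, so confirm this against the full body.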