From 5284dda0fbc43017d3537b57e3d00b9b931e37d3 Mon Sep 17 00:00:00 2001
From: Julien Vehent
Date: Fri, 18 Sep 2015 13:36:09 -0400
Subject: [PATCH] Enable SNI by default only if target is a fqdn and -servername not supplied
---
 cipherscan | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/cipherscan b/cipherscan
index 1cb26d1..b560052 100755
--- a/cipherscan
+++ b/cipherscan
@@ -1531,7 +1531,10 @@ if [[ $VERBOSE != 0 ]] ; then
 fi
 SCLIENTARGS="${PARAMS[*]}"
-if [[ $SNI == "True" ]]; then
+# only append the SNI:
+# if the target is a hostname by validating the tld
+# if -servername was not supplied by the user
+if [[ $SNI == "True" && $sni_target =~ \.[a-z]{1,20}$ && ! $SCLIENTARGS =~ servername ]]; then
 SCLIENTARGS="$SCLIENTARGS -servername $sni_target"
 fi
 debug "sclientargs: $SCLIENTARGS"
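Review bot: The TLD test `\.[a-z]{1,20}$` in the new condition accepts only lowercase ASCII letters, so a target typed in uppercase or one under a punycode TLD (`xn--…`, which contains digits and hyphens) fails the match and the scan silently runs without SNI, reporting the default virtual host's certificate and ciphers instead of the intended one. A pattern such as `\.[A-Za-z][A-Za-z0-9-]{0,62}$` still rejects IPv4 literals while covering those names; whether `$sni_target` is lowercased earlier is not visible in this hunk. The `! $SCLIENTARGS =~ servername` test is an unanchored substring match, so any other argument that merely contains that text (a file path, for instance) also suppresses SNI; comparing against the option token, e.g. `! " $SCLIENTARGS " =~ " -servername "`, is tighter. A `debug` line in the branch where SNI is skipped would make the omission visible to the operator.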