From aa093bc86db5300eedb1934c91b2244eea39735d Mon Sep 17 00:00:00 2001
From: Hubert Kario <hkario@redhat.com>
Date: Sat, 8 Nov 2014 19:11:11 +0100
Subject: [PATCH] add openssl options to help message

add examples of useful openssl options
---
 cipherscan | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/cipherscan b/cipherscan
index 5b0908c..d6b9015 100755
--- a/cipherscan
+++ b/cipherscan
@@ -212,12 +212,15 @@ usage() {
 [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port>
     usage: $0 -h|--help
 
-$0 attempts to connect to a target site using all the ciphersuites it knows.
-Julien Vehent [:ulfr] - https://github.com/jvehent/cipherscan
+$0 attempts to connect to a target site using all the ciphersuites known
+to OpenSSL it is using.
+
+Julien Vehent [:ulfr] and others (see README.md)
+https://github.com/jvehent/cipherscan
 
 Port defaults to 443
 
-example: $ $0 www.google.com:443
+example: $ $0 www.google.com
 
 Use one of the options below:
 
@@ -241,9 +244,20 @@ Use one of the options below:
 -v | --verbose      Increase verbosity.
 
 The rest of the arguments will be interpreted as openssl s_client argument.
-This enables checking smtp/imap/pop3/ftp/xmpp via -starttls
 
-EXAMPLES: $0 -starttls xmpp jabber.ccc.de:5222
+Some useful OpenSSL options:
+-starttls [smtp|imap|pop3|ftp|xmpp] Enable support and testing of the protocols
+                    that require turning TLS after initial protocol specific
+                    hello
+-servername name    Request SNI support for connections
+-verify_hostname name Request host name verification in connection
+                    (req. OpenSSL 1.0.2)
+-verify_ip ip       Request host name verification for an IP address, usually
+                    not specified in certificates (req. OpenSSL 1.0.2)
+
+EXAMPLES:
+$0 -starttls xmpp jabber.ccc.de:5222
+$0 -servername youtube.com youtube.com:443
 "
 }