diff --git a/testssl.sh b/testssl.sh
index 617056a..b437c41 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -725,7 +725,7 @@ run_http_header() {
 wait_kill $! $HEADER_MAXSLEEP
 if [[ $? -eq 0 ]]; then
 # we do the get command again as it terminated within $HEADER_MAXSLEEP. Thus it didn't hang, we do it
- # again in the foreground ito get an ccurate header time!
+ # again in the foreground to get an accurate header time!
 printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO $BUGS -quiet -ign_eof -connect $NODEIP:$PORT $PROXY $SNI >$HEADERFILE 2>$ERRFILE
 NOW_TIME=$(date "+%s")
 HTTP_TIME=$(awk -F': ' '/^date:/ { print $2 } /^Date:/ { print $2 }' $HEADERFILE)
@@ -3848,7 +3848,7 @@ tls_time() {
 debugme out "$TLS_TIME"
 outln
 else
- pr_warning "SSLv3 through TLS 1.2 didn't return a timestamp"
+ pr_warningln "SSLv3 through TLS 1.2 didn't return a timestamp"
 fileout "tls_time" "INFO" "No TLS timestamp returned by SSLv3 through TLSv1.2"
 fi
 return 0
@@ -7127,6 +7127,7 @@ check4openssl_oldfarts() {
 *) outln " Update openssl binaries or compile from github.com/PeterMosmans/openssl" ;;
 esac
 ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives "
+ [[ $? -ne 0 ]] && exit -2
 fi
 outln
 }
@@ -8187,7 +8188,7 @@ sclient_auth() {
 #
 determine_optimal_proto() {
 local all_failed
- local addcmd=""
+ local sni=""
 #TODO: maybe query known openssl version before this workaround. 1.0.1 doesn't need this
@@ -8205,8 +8206,9 @@ determine_optimal_proto() {
 done
 debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO"
 else
- for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2 ''; do
- $OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $SNI $TMPFILE 2>>$ERRFILE
+ for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2; do
+ [[ "$OPTIMAL_PROTO" =~ ssl ]] && sni="" || sni=$SNI
+ $OPENSSL s_client $OPTIMAL_PROTO $BUGS -connect "$NODEIP:$PORT" -msg $PROXY $sni $TMPFILE 2>>$ERRFILE
 if sclient_auth $? $TMPFILE; then
 all_failed=1
 break
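Review bot: `exit -2` on the line added to check4openssl_oldfarts is not a valid exit status; bash truncates it to 8 bits and the process actually exits with 254, and a stricter sh rejects the argument outright, so a caller cannot tell a refused prompt from any other 254 (ShellCheck flags this as SC2242). Choose an explicit value in 1–255 and test the prompt's status directly rather than re-reading `$?` on the following line: `ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives " || exit 254`. The same `[[ $? -ne 0 ]] && exit -2` construct is added again in the determine_optimal_proto hunk at @@ -8214 and needs the same change. The body of check4openssl_oldfarts starts before this hunk.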
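Review bot: Dropping the trailing '' from the protocol list changes what `OPTIMAL_PROTO` holds when no handshake succeeds: the loop no longer resets it, so after a run in which every protocol fails it is left at `-ssl2` (its last value) while the success flag is never set, and the new `[[ "$OPTIMAL_PROTO" == "-ssl2" ]]` check in the following hunk then tells the user the host "appears to only support SSLv2" for a host that answered nothing at all. Gate that message on the flag set on the `break` path here (it is 1 on success despite its name), e.g. `if [[ $all_failed -eq 1 && "$OPTIMAL_PROTO" == "-ssl2" ]]; then`; the `fi` closing this `if sclient_auth` and the `all_failed=0` at the loop's end sit between the two hunks, so confirm nothing there already resets the variable. A smaller style point on the added SNI line: `[[ … ]] && sni="" || sni=$SNI` only works because an assignment cannot fail; an `if`/`else` states the SSLv2/SSLv3-have-no-SNI intent more plainly and survives later edits to the branches. The loop body continues past the end of this hunk.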
@@ -8214,6 +8216,11 @@ determine_optimal_proto() {
 all_failed=0
 done
 debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO"
+ if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
+ pr_magentaln "$NODEIP:$PORT appears to only support SSLv2."
+ ignore_no_or_lame " Type \"yes\" to accept some false negatives or positives "
+ [[ $? -ne 0 ]] && exit -2
+ fi
 fi
 grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190