From b773fa993963b41295d724496e863f9a733bf4fa Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Mon, 20 Apr 2026 18:43:59 +0200
Subject: [PATCH] Fix doc error regarding MAX_SOCKET_FAIL + MAX_OSSL_FAIL

The trailing error messages were swapped in the paragraphs /
description for MAX_SOCKET_FAIL + MAX_OSSL_FAIL .

This fixes the confusion for 3.3dev , see #3028 .
---
 doc/testssl.1      | 6 +++---
 doc/testssl.1.html | 6 +++---
 doc/testssl.1.md   | 4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/testssl.1 b/doc/testssl.1
index f17a3ce..a30d23e 100644
--- a/doc/testssl.1
+++ b/doc/testssl.1
@@ -1141,14 +1141,14 @@ MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket
 connection may fail before the program gives up and terminates.
 The default is 2.
 You can increase it to a higher value if you frequently see a message
-like \f[I]Fatal error: repeated openssl s_client connect problem,
-doesn\[cq]t make sense to continue\f[R].
+like \f[I]Fatal error: repeated TCP connect problems, giving up\f[R].
 .IP \[bu] 2
 MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL
 s_client connect may fail before the program gives up and terminates.
 The default is 2.
 You can increase it to a higher value if you frequently see a message
-like \f[I]Fatal error: repeated TCP connect problems, giving up\f[R].
+like \f[I]Fatal error: repeated openssl s_client connect problem,
+doesn\[cq]t make sense to continue\f[R].
 .IP \[bu] 2
 MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET
 request over OpenSSL may return an empty file before the program gives
diff --git a/doc/testssl.1.html b/doc/testssl.1.html
index 4ff813a..741e576 100644
--- a/doc/testssl.1.html
+++ b/doc/testssl.1.html
@@ -995,13 +995,13 @@
         TCP socket connection may fail before the program gives up and
         terminates. The default is 2. You can increase it to a higher
         value if you frequently see a message like <em>Fatal error:
-        repeated openssl s_client connect problem, doesn’t make sense to
-        continue</em>.</li>
+        repeated TCP connect problems, giving up</em>.</li>
         <li>MAX_OSSL_FAIL: A number which tells testssl.sh how often an
         OpenSSL s_client connect may fail before the program gives up
         and terminates. The default is 2. You can increase it to a
         higher value if you frequently see a message like <em>Fatal
-        error: repeated TCP connect problems, giving up</em>.</li>
+        error: repeated openssl s_client connect problem, doesn’t make
+        sense to continue</em>.</li>
         <li>MAX_HEADER_FAIL: A number which tells testssl.sh how often a
         HTTP GET request over OpenSSL may return an empty file before
         the program gives up and terminates. The default is 3. Also here
diff --git a/doc/testssl.1.md b/doc/testssl.1.md
index c817447..0f0ddeb 100644
--- a/doc/testssl.1.md
+++ b/doc/testssl.1.md
@@ -408,8 +408,8 @@ Except the environment variables mentioned above which can replace command line
 * DAYS2WARN2 is the second threshold when you'll be warning of a certificate expiration of a host, preset to 30 (days). For Let's Encrypt this value will be divided internally by 2.
 * TESTSSL_INSTALL_DIR is the derived installation directory of testssl.sh. Relatively to that the `bin` and mandatory `etc` directory will be looked for.
 * CA_BUNDLES_PATH: If you have an own set of CA bundles or you want to point testssl.sh to a specific location of a CA bundle, you can use this variable to set the directory which testssl.sh will use. Please note that it overrides completely the builtin path of testssl.sh which means that you will only test against the bundles you point to. Also you might want to use `~/utils/create_ca_hashes.sh` to create the hashes for HPKP.
-* MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like *Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue*.
-* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like *Fatal error: repeated TCP connect problems, giving up*.
+* MAX_SOCKET_FAIL: A number which tells testssl.sh how often a TCP socket connection may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like *Fatal error: repeated TCP connect problems, giving up*.
+* MAX_OSSL_FAIL: A number which tells testssl.sh how often an OpenSSL s_client connect may fail before the program gives up and terminates. The default is 2. You can increase it to a higher value if you frequently see a message like *Fatal error: repeated openssl s_client connect problem, doesn't make sense to continue*.
 * MAX_HEADER_FAIL: A number which tells testssl.sh how often a HTTP GET request over OpenSSL may return an empty file before the program gives up and terminates. The default is 3. Also here you can increase the threshold when you spot messages like *Fatal error: repeated HTTP header connect problems, doesn't make sense to continue*.
 * OPENSSL2 can be used to supply an alternative openssl version. This only makes sense if you want to amend the supplied version in `bin/` which lacks TLS 1.3 support with a version which doesn not and is not in `/usr/bin/openssl`.
 * OSSL_SHORTCUT should be set to false when you run interactively and don't want to switch automatically to `/usr/bin/openssl` (`OPENSSL2`) if you encounter a TLS 1.3-only host.