diff --git a/scripts/ssl-ccs-injection.nse b/scripts/ssl-ccs-injection.nse
index f929334eb..38f18773c 100644
--- a/scripts/ssl-ccs-injection.nse
+++ b/scripts/ssl-ccs-injection.nse
@@ -138,14 +138,14 @@ local function test_ccs_injection(host, port, version)
   if specialized then
     status, s = specialized(host, port)
     if not status then
-      stdnse.debug3("Connection to server failed")
+      stdnse.debug3("Connection to server failed: %s", s)
       return false, Error.CONNECT
     end
   else
     s = nmap.new_socket()
-    status = s:connect(host, port)
+    status, err = s:connect(host, port)
     if not status then
-      stdnse.debug3("Connection to server failed")
+      stdnse.debug3("Connection to server failed: %s", err)
       return false, Error.CONNECT
     end
   end
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index e8b8592a2..ac325335c 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -151,25 +151,24 @@ local function ctx_log(level, protocol, fmt, ...)
 end
 
 local function try_params(host, port, t)
-  local buffer, err, i, record, req, resp, sock, status
 
   -- Use Nmap's own discovered timeout, doubled for safety
   -- Default to 10 seconds.
   local timeout = ((host.times and host.times.timeout) or 5) * 1000 * 2
 
   -- Create socket.
+  local status, sock, err
   local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
   if specialized then
-    local status
     status, sock = specialized(host, port)
     if not status then
-      ctx_log(1, t.protocol, "Can't connect: %s", err)
+      ctx_log(1, t.protocol, "Can't connect: %s", sock)
       return nil
     end
   else
     sock = nmap.new_socket()
     sock:set_timeout(timeout)
-    local status = sock:connect(host, port)
+    status, err = sock:connect(host, port)
     if not status then
       ctx_log(1, t.protocol, "Can't connect: %s", err)
       sock:close()
@@ -180,7 +179,7 @@ local function try_params(host, port, t)
   sock:set_timeout(timeout)
 
   -- Send request.
-  req = tls.client_hello(t)
+  local req = tls.client_hello(t)
   status, err = sock:send(req)
   if not status then
     ctx_log(1, t.protocol, "Can't send: %s", err)
@@ -189,8 +188,8 @@ local function try_params(host, port, t)
   end
 
   -- Read response.
-  buffer = ""
-  record = nil
+  local buffer = ""
+  local i, record = nil
   while true do
     local status
     status, buffer, err = tls.record_buffer(sock, buffer, 1)
diff --git a/scripts/ssl-heartbleed.nse b/scripts/ssl-heartbleed.nse
index 2b23e71dc..7da2bd720 100644
--- a/scripts/ssl-heartbleed.nse
+++ b/scripts/ssl-heartbleed.nse
@@ -95,20 +95,19 @@ local function testversion(host, port, version)
       )
     )
 
-  local s
+  local status, s, err
   local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
   if specialized then
-    local status
     status, s = specialized(host, port)
     if not status then
-      stdnse.debug3("Connection to server failed")
+      stdnse.debug3("Connection to server failed: %s", s)
       return
     end
   else
     s = nmap.new_socket()
-    local status = s:connect(host, port)
+    status, err = s:connect(host, port)
     if not status then
-      stdnse.debug3("Connection to server failed")
+      stdnse.debug3("Connection to server failed: %s", err)
       return
     end
   end
@@ -116,7 +115,7 @@ local function testversion(host, port, version)
   s:set_timeout(5000)
 
   -- Send Client Hello to the target server
-  local status, err = s:send(hello)
+  status, err = s:send(hello)
   if not status then
     stdnse.debug1("Couldn't send Client Hello: %s", err)
     s:close()
diff --git a/scripts/ssl-poodle.nse b/scripts/ssl-poodle.nse
index 74686a32c..adbf0a16d 100644
--- a/scripts/ssl-poodle.nse
+++ b/scripts/ssl-poodle.nse
@@ -77,23 +77,21 @@ local function ctx_log(level, protocol, fmt, ...)
 end
 
 local function try_params(host, port, t)
-  local buffer, err, i, record, req, resp, sock, status
-
   local timeout = ((host.times and host.times.timeout) or 5) * 1000 + 5000
 
   -- Create socket.
+  local status, sock, err
   local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
   if specialized then
-    local status
     status, sock = specialized(host, port)
     if not status then
-      ctx_log(1, t.protocol, "Can't connect: %s", err)
+      ctx_log(1, t.protocol, "Can't connect: %s", sock)
       return nil
     end
   else
     sock = nmap.new_socket()
     sock:set_timeout(timeout)
-    local status = sock:connect(host, port)
+    status, err = sock:connect(host, port)
     if not status then
       ctx_log(1, t.protocol, "Can't connect: %s", err)
       sock:close()
@@ -104,7 +102,7 @@ local function try_params(host, port, t)
   sock:set_timeout(timeout)
 
   -- Send request.
-  req = tls.client_hello(t)
+  local req = tls.client_hello(t)
   status, err = sock:send(req)
   if not status then
     ctx_log(1, t.protocol, "Can't send: %s", err)
@@ -113,8 +111,8 @@ local function try_params(host, port, t)
   end
 
   -- Read response.
-  buffer = ""
-  record = nil
+  local buffer = ""
+  local i, record = nil
   while true do
     local status
     status, buffer, err = tls.record_buffer(sock, buffer, 1)