diff --git a/tests/dtls-client.c b/tests/dtls-client.c
index d7bb12f6..84c530c6 100644
--- a/tests/dtls-client.c
+++ b/tests/dtls-client.c
@@ -60,6 +60,9 @@ static dtls_str output_file = { 0, NULL }; /* output file name */
 static dtls_context_t *dtls_context = NULL;
 static dtls_context_t *orig_dtls_context = NULL;
 
+static const dtls_cipher_t* ciphers = NULL;
+static unsigned int force_extended_master_secret = 0;
+
 
 #ifdef DTLS_ECC
 static const unsigned char ecdsa_priv_key[] = {
@@ -229,9 +232,6 @@ send_to_peer(struct dtls_context_t *ctx,
                 &session->addr.sa, session->size);
 }
 
-static const dtls_cipher_t* ciphers = NULL;
-static unsigned int force_extended_master_secret = 0;
-
 static void
 get_user_parameters(struct dtls_context_t *ctx,
                     session_t *session, dtls_user_parameters_t *user_parameters) {
@@ -353,20 +353,21 @@ usage( const char *program, const char *version) {
   fprintf(stderr, "%s v%s -- DTLS client implementation\n"
           "(c) 2011-2014 Olaf Bergmann <bergmann@tzi.org>\n\n"
 #ifdef DTLS_PSK
-          "usage: %s [-i file] [-k file] [-o file] [-p port] [-v num] [-c cipher-suites] [-e] addr [port]\n"
+          "usage: %s [-c cipher suites] [-e] [-i file] [-k file] [-o file] [-p port] [-v num] addr [port]\n",
 #else /*  DTLS_PSK */
-          "usage: %s [-o file] [-p port] [-v num] [-c cipher-suites] [-e] addr [port]\n"
+          "usage: %s [-c cipher suites] [-e] [-o file] [-p port] [-v num] addr [port]\n",
 #endif /* DTLS_PSK */
+          program, version, program);
+  cipher_suites_usage(stderr, "\t");
+  fprintf(stderr, "\t-e\t\tforce extended master secret (RFC7627)\n"
 #ifdef DTLS_PSK
           "\t-i file\t\tread PSK identity from file\n"
           "\t-k file\t\tread pre-shared key from file\n"
 #endif /* DTLS_PSK */
           "\t-o file\t\toutput received data to this file (use '-' for STDOUT)\n"
           "\t-p port\t\tlisten on specified port (default is %d)\n"
-          "\t-v num\t\tverbosity level (default: 3)\n"
-          "\t-e\t\tforce extended master secret (RFC7627)\n",
-          program, version, program, DEFAULT_PORT);
-  cipher_suites_usage(stderr, "\t");
+          "\t-v num\t\tverbosity level (default: 3)\n",
+          DEFAULT_PORT);
 }
 
 static dtls_handler_t cb = {
@@ -421,7 +422,7 @@ main(int argc, char **argv) {
   memcpy(psk_key, PSK_DEFAULT_KEY, psk_key_length);
 #endif /* DTLS_PSK */
 
-  while ((opt = getopt(argc, argv, "ep:o:v:c:" PSK_OPTIONS)) != -1) {
+  while ((opt = getopt(argc, argv, "c:eo:p:v:" PSK_OPTIONS)) != -1) {
     switch (opt) {
 #ifdef DTLS_PSK
     case 'i' :
@@ -441,9 +442,11 @@ main(int argc, char **argv) {
       }
       break;
 #endif /* DTLS_PSK */
-    case 'p' :
-      strncpy(port_str, optarg, NI_MAXSERV-1);
-      port_str[NI_MAXSERV - 1] = '\0';
+    case 'c' :
+      ciphers = init_cipher_suites(optarg);
+      break;
+    case 'e' :
+      force_extended_master_secret = 1;
       break;
     case 'o' :
       output_file.length = strlen(optarg);
@@ -457,15 +460,13 @@ main(int argc, char **argv) {
         memcpy(output_file.s, optarg, output_file.length + 1);
       }
       break;
+    case 'p' :
+      strncpy(port_str, optarg, NI_MAXSERV-1);
+      port_str[NI_MAXSERV - 1] = '\0';
+      break;
     case 'v' :
       log_level = strtol(optarg, NULL, 10);
       break;
-    case 'c' :
-      ciphers = init_cipher_suites(optarg);
-      break;
-    case 'e' :
-      force_extended_master_secret = 1;
-      break;
     default:
       usage(argv[0], dtls_package_version());
       exit(1);
diff --git a/tests/dtls-server.c b/tests/dtls-server.c
index 9c60dfeb..f83371fb 100644
--- a/tests/dtls-server.c
+++ b/tests/dtls-server.c
@@ -45,6 +45,9 @@
 #define DEFAULT_PORT 20220
 
 static dtls_context_t *the_context = NULL;
+static volatile int cmd_exit = 0;
+static const dtls_cipher_t* ciphers = NULL;
+static unsigned int force_extended_master_secret = 0;
 
 #ifdef DTLS_ECC
 static const unsigned char ecdsa_priv_key[] = {
@@ -152,8 +155,6 @@ verify_ecdsa_key(struct dtls_context_t *ctx,
 #define DTLS_SERVER_CMD_CLOSE "server:close"
 #define DTLS_SERVER_CMD_EXIT "server:exit"
 
-static volatile int cmd_exit = 0;
-
 static int
 is_command(const char* cmd, const uint8 *data, size_t len) {
   size_t cmd_len = strlen(cmd);
@@ -192,9 +193,6 @@ send_to_peer(struct dtls_context_t *ctx,
                 &session->addr.sa, session->size);
 }
 
-static const dtls_cipher_t* ciphers = NULL;
-static unsigned int force_extended_master_secret = 0;
-
 static void
 get_user_parameters(struct dtls_context_t *ctx,
                     session_t *session, dtls_user_parameters_t *user_parameters) {
@@ -309,13 +307,14 @@ usage(const char *program, const char *version) {
 
   fprintf(stderr, "%s v%s -- DTLS server implementation\n"
          "(c) 2011-2014 Olaf Bergmann <bergmann@tzi.org>\n\n"
-         "usage: %s [-A address] [-p port] [-v num] [-c cipher-suites] [-e]\n"
-         "\t-A address\t\tlisten on specified address (default is ::)\n"
-         "\t-p port\t\tlisten on specified port (default is %d)\n"
-         "\t-v num\t\tverbosity level (default: 3)\n"
-         "\t-e\t\tforce extended master secret (RFC7627)\n",
-         program, version, program, DEFAULT_PORT);
+         "usage: %s [-A address] [-p port] [-v num] [-c cipher suites] [-e]\n"
+         "\t-A address\t\tlisten on specified address (default is ::)\n",
+         program, version, program);
   cipher_suites_usage(stderr, "\t");
+  fprintf(stderr, "\t-e\t\tforce extended master secret (RFC7627)\n"
+         "\t-p port\t\tlisten on specified port (default is %d)\n"
+         "\t-v num\t\tverbosity level (default: 3)\n",
+         DEFAULT_PORT);
 }
 
 static dtls_handler_t cb = {
@@ -356,7 +355,7 @@ main(int argc, char **argv) {
   listen_addr.sin6_family = AF_INET6;
   listen_addr.sin6_addr = in6addr_any;
 
-  while ((opt = getopt(argc, argv, "eA:p:v:c:")) != -1) {
+  while ((opt = getopt(argc, argv, "A:c:ep:v:")) != -1) {
     switch (opt) {
     case 'A' :
       if (resolve_address(optarg, (struct sockaddr *)&listen_addr) < 0) {
@@ -364,18 +363,18 @@ main(int argc, char **argv) {
         exit(-1);
       }
       break;
-    case 'p' :
-      port = htons(atoi(optarg));
-      break;
-    case 'v' :
-      log_level = strtol(optarg, NULL, 10);
-      break;
     case 'c' :
       ciphers = init_cipher_suites(optarg);
       break;
     case 'e' :
       force_extended_master_secret = 1;
       break;
+    case 'p' :
+      port = htons(atoi(optarg));
+      break;
+    case 'v' :
+      log_level = strtol(optarg, NULL, 10);
+      break;
     default:
       usage(argv[0], dtls_package_version());
       exit(1);
diff --git a/tests/dtls_ciphers_util.c b/tests/dtls_ciphers_util.c
index 915e6969..48b79cb7 100644
--- a/tests/dtls_ciphers_util.c
+++ b/tests/dtls_ciphers_util.c
@@ -80,13 +80,11 @@ init_cipher_suites(const char* arg) {
 
 void
 cipher_suites_usage(FILE* file, const char* head) {
-  fprintf(file, "%s-c ciphers\tlist of cipher-suites separated by ':'\n", head);
-  fprintf(file, "%s\t\t(default is ", head);
-#if defined(DTLS_PSK) && defined(DTLS_ECC)
-  fprintf(file, "%s:%s\n", map[0].name, map[1].name);
-  fprintf(file, "%s\t\t :%s:%s)\n", head, map[2].name, map[3].name);
-#elif defined(DTLS_PSK) || defined(DTLS_ECC)
-  fprintf(file, "%s:%s)\n", map[0].name, map[1].name);
-#endif
+  fprintf(file, "%s-c ciphers\tlist of cipher suites separated by ':'\n", head);
+  fprintf(file, "%s\t\t(default is %s", head, map[0].name);
+  for (int index = 1; map[index].name; ++index) {
+     fprintf(file, "\n%s\t\t :%s", head, map[index].name);
+  }
+  fprintf(file, ")\n");
 }