diff --git a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp index 9be64e760b9..99b40ccb433 100644 --- a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp +++ b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocol.qhelp @@ -7,6 +7,17 @@

Using a deprecated hardcoded protocol instead of negotiating would lock your application to a protocol that has known vulnerabilities or weaknesses.

+ +

Only use modern protocols such as TLS 1.2 or TLS 1.3.

+
+ + +

In the following example, the sslv2 protocol is specified. This protocol is out-of-date and its use is not recommended.

+ +

In the corrected example, the tlsv13 protocol is used instead.

+ +
+
  • Boost.Asio documentation. diff --git a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolBad.cpp b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolBad.cpp new file mode 100644 index 00000000000..bab5f543448 --- /dev/null +++ b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolBad.cpp @@ -0,0 +1,7 @@ + +void useProtocol_bad() +{ + boost::asio::ssl::context ctx_sslv2(boost::asio::ssl::context::sslv2); // BAD: outdated protocol + + // ... +} diff --git a/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp new file mode 100644 index 00000000000..6214e87eaff --- /dev/null +++ b/cpp/ql/src/Likely Bugs/Protocols/UseOfDeprecatedHardcodedProtocolGood.cpp @@ -0,0 +1,7 @@ + +void useProtocol_bad() +{ + boost::asio::ssl::context cxt_tlsv13(boost::asio::ssl::context::tlsv13); + + // ... +}
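Review bot: In the UseOfDeprecatedHardcodedProtocol.qhelp hunk, the corrected-example sentence ("In the corrected example, the tlsv13 protocol is used instead.") still describes a hardcoded protocol, while the overview names the problem as using a hardcoded protocol "instead of negotiating" and the recommendation allows TLS 1.2 or TLS 1.3. Suggest the recommendation state explicitly whether pinning a single modern version is acceptable or whether negotiation is preferred, so that the overview, the recommendation and the example agree.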
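Review bot: In UseOfDeprecatedHardcodedProtocolGood.cpp the function is still named `useProtocol_bad()`, which reads as a copy-paste leftover from the bad example; rename it to `useProtocol_good()`. The variable `cxt_tlsv13` also looks like a typo for `ctx_tlsv13` (the bad example uses `ctx_sslv2`), and a trailing `// GOOD` comment on that line would mirror the `// BAD: outdated protocol` marker in the bad example.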