diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b0285d7ab..81c0d6b08 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1951,6 +1951,10 @@ static int ssl_parse_hello_verify_request( mbedtls_ssl_context *ssl )
     mbedtls_ssl_read_version( &major_ver, &minor_ver, ssl->conf->transport, p );
     p += 2;
 
+    /*
+     * Since the RFC is not clear on this point, accept DTLS 1.0 (TLS 1.1)
+     * even is lower than our min version.
+     */
     if( major_ver < MBEDTLS_SSL_MAJOR_VERSION_3 ||
         minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ||
         major_ver > ssl->conf->max_major_ver  ||
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 8c9caa9ef..9896ad014 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -836,7 +836,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2)
         /*
-         * Prepend per-record IV for block cipher in TLS v1.2
+         * Prepend per-record IV for block cipher in TLS v1.2 as per
          * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
          */
         if( transform->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_3 )