diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 3ce494565..476409547 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -158,14 +158,10 @@
 #error Bad configuration - protected record payload too large.
 #endif
 
-#if !defined(MBEDTLS_SSL_PROTO_DTLS)
-/* https://tools.ietf.org/html/rfc5246#section-6.2 */
-#define MBEDTLS_SSL_HEADER_LEN 5
-#else
-/* https://tools.ietf.org/html/rfc6347#section-4.1  */
-/* 8 additional bytes for epoch and sequence number */
+/* Note: Even though the TLS record header is only 5 bytes
+   long, we're internally using 8 bytes to store the
+   implicit sequence number. */
 #define MBEDTLS_SSL_HEADER_LEN 13
-#endif
 
 #define MBEDTLS_SSL_BUFFER_LEN  \
     ( ( MBEDTLS_SSL_HEADER_LEN ) + ( MBEDTLS_SSL_PAYLOAD_LEN ) )