diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 8e3161c3d..653f857cc 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1337,7 +1337,8 @@ void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
 
 /**
  * \brief           Set the transport type (TLS or DTLS).
- *                  Default: TLS if both are enabled, or DTLS.
+ *                  Default: TLS if #MBEDTLS_SSL_PROTO_TLS is defined, else
+ *                  DTLS.
  *
  * \note            For DTLS, you must either provide a recv callback that
  *                  doesn't block, or one that handles timeouts, see
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 173b6d58b..511715f4b 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -269,8 +269,8 @@
  *
  * Goals for these helpers:
  *  - generate minimal code, eg don't test if mode is DTLS in a DTLS-only build
- *  - make the flow clear to the compiler, ie that in dual-mode builds,
- *    when there are two branchs, exactly one of them is taken
+ *  - make the flow clear to the compiler, so that in TLS and DTLS combined
+ *  builds, when there are two branches, it knows exactly one of them is taken
  *  - preserve readability
  *
  * There are three macros:
@@ -299,7 +299,7 @@
  *  #endif
  */
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_PROTO_TLS) /* both */
-#define MBEDTLS_SSL_TRANSPORT__BOTH /* shorcut for future tests */
+#define MBEDTLS_SSL_TRANSPORT__BOTH /* shortcut for future tests */
 #define MBEDTLS_SSL_TRANSPORT_IS_TLS( transport ) \
     ( (transport) == MBEDTLS_SSL_TRANSPORT_STREAM )
 #define MBEDTLS_SSL_TRANSPORT_IS_DTLS( transport ) \
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bdf93abfb..dbfcde2ad 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4925,7 +4925,7 @@ static int ssl_prepare_record_content( mbedtls_ssl_context *ssl )
                 if( ++ssl->in_ctr[i - 1] != 0 )
                     break;
 
-            /* The loop goes to its end iff the counter is wrapping */
+            /* The loop goes to its end only if the counter is wrapping around */
             if( i == 0 )
             {
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
@@ -10841,7 +10841,7 @@ void mbedtls_ssl_read_version( int *major, int *minor, int transport,
             ++*minor; /* DTLS 1.0 stored as TLS 1.1 internally */
     }
     MBEDTLS_SSL_TRANSPORT_ELSE
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_SSL_PROTO_TLS)
     {
         *major = ver[0];