diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 10ded131e0..6819e7ac7f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3561,7 +3561,8 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl,
     ret = ssl->conf->f_rng( ssl->conf->p_rng, fake_pms, sizeof( fake_pms ) );
     if( ret != 0 )
     {
-        /* It's ok to abort on an RNG failure, since this does not  */
+        /* It's ok to abort on an RNG failure, since this does not reveal
+         * anything about the RSA decryption. */
         return( ret );
     }