diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 13ef517731..df5cd732ca 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -409,7 +409,8 @@ int ssl3_enc(SSL *s, int send)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is
-				 * a decryption error or a MAC verification failure. */
+				 * a decryption error or a MAC verification failure
+				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
 				return -1;
 				}
 			rec->length-=i;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 81583ecae9..a6502772e8 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -552,7 +552,8 @@ int tls1_enc(SSL *s, int send)
 				{
 				/* Incorrect padding. SSLerr() and ssl3_alert are done
 				 * by caller: we don't want to reveal whether this is
-				 * a decryption error or a MAC verification failure. */
+				 * a decryption error or a MAC verification failure
+				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
 				return -1;
 				}
 			for (j=(int)(l-i); j<(int)l; j++)