diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ae27add6df..a6c87ad75d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3491,7 +3491,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 #endif
 case SSL_CTRL_SET_TLSEXT_HOSTNAME:
 /*
- * TODO(OpenSSL1.2)
 * This API is only used for a client to set what SNI it will request
 * from the server, but we currently allow it to be used on servers
 * as well, which is a programming error. Currently we just clear
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index c777a86eb7..7328c8e2b1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2036,7 +2036,10 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
 /* DSA is not allowed in TLS 1.3 */
 if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
 return 0;
- /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */
+ /*
+ * At some point we should fully axe DSA/etc. in ClientHello as per TLS 1.3
+ * spec
+ */
 if (!s->server && !SSL_IS_DTLS(s) && s->s3.tmp.min_ver >= TLS1_3_VERSION && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX || lu->hash_idx == SSL_MD_MD5_IDX
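Review bot: The reworded comment in tls12_sigalg_allowed (ssl/t1_lib.c) drops the searchable `TODO(OpenSSL1.2)` tag and replaces it with "At some point", which leaves the deferred removal of legacy signature algorithms with nothing to grep for and no tracking reference. It also does not say what "fully" adds beyond the condition directly below it, which already tests for DSA, SHA-1 and MD5 entries on a non-DTLS client whose min_ver is at least TLS1_3_VERSION; presumably the gap is clients that still allow older versions, but that should be confirmed and stated. I would word it as `/* Still to do: drop DSA/SHA-1/MD5 sigalgs from the ClientHello per the TLS 1.3 spec beyond the min_ver >= TLS1_3_VERSION case below (tracked in <ISSUE-PLACEHOLDER>) */`. The ssl3_ctrl hunk in ssl/s3_lib.c has the same problem: the tag is removed while the comment still describes server-side use of SSL_CTRL_SET_TLSEXT_HOSTNAME as a programming error, so a tracking reference belongs there too. Both function bodies, and the condition itself, continue outside the hunks.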