diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 74dd40bb3..639b18c92 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1694,7 +1694,7 @@ int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_key_attributes_t key_attributes = psa_key_attributes_init();
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_algorithm_t alg = PSA_ALG_ANY_HASH;
+    psa_algorithm_t alg = PSA_ALG_NONE;
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 04fa5de32..3c267cf10 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1031,14 +1031,11 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
      */
     MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, cipher_suites_len + 2 + 2 );
 
-   /*
-    * uint8 CipherSuite[2];    // Cryptographic suite selector
-    *
-    * struct {
-    *     ...
-    *     CipherSuite cipher_suites<2..2^16-2>;
-    *     ...
-    * } ClientHello;
+   /* ...
+    * CipherSuite cipher_suites<2..2^16-2>;
+    * ...
+    * with CipherSuite defined as:
+    * uint8 CipherSuite[2];
     */
     cipher_suites = p;
     cipher_suites_end = p + cipher_suites_len;
@@ -1293,7 +1290,6 @@ static int ssl_tls13_parse_client_hello( mbedtls_ssl_context *ssl,
                                         MBEDTLS_SSL_HS_CLIENT_HELLO,
                                         p - buf );
 
-/* TODO: move later */
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
     /* Update checksum with either
      * - The entire content of the CH message, if no PSK extension is present