diff --git a/src/eap_common/eap_defs.h b/src/eap_common/eap_defs.h
index 70999c4e3..3346ec53b 100644
--- a/src/eap_common/eap_defs.h
+++ b/src/eap_common/eap_defs.h
@@ -72,7 +72,7 @@ enum eap_type {
 	EAP_TYPE_MD5 = 4, /* RFC 3748 */
 	EAP_TYPE_OTP = 5 /* RFC 3748 */,
 	EAP_TYPE_GTC = 6, /* RFC 3748 */
-	EAP_TYPE_TLS = 13 /* RFC 2716 */,
+	EAP_TYPE_TLS = 13 /* RFC 5216 */,
 	EAP_TYPE_LEAP = 17 /* Cisco proprietary */,
 	EAP_TYPE_SIM = 18 /* RFC 4186 */,
 	EAP_TYPE_TTLS = 21 /* RFC 5281 */,
diff --git a/src/eap_peer/eap_tls.c b/src/eap_peer/eap_tls.c
index 0d479f1c2..1c695048c 100644
--- a/src/eap_peer/eap_tls.c
+++ b/src/eap_peer/eap_tls.c
@@ -1,5 +1,5 @@
 /*
- * EAP peer method: EAP-TLS (RFC 2716)
+ * EAP peer method: EAP-TLS (RFC 5216, RFC 9190)
  * Copyright (c) 2004-2008, 2012-2019, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
@@ -302,7 +302,7 @@ static struct wpabuf * eap_tls_process(struct eap_sm *sm, void *priv,
 		return NULL;
 	}
 
-	/* draft-ietf-emu-eap-tls13-13 Section 2.5 */
+	/* RFC 9190 Section 2.5 */
 	if (res == 2 && data->ssl.tls_v13 && wpabuf_len(resp) == 1 &&
 	    *wpabuf_head_u8(resp) == 0) {
 		wpa_printf(MSG_DEBUG, "EAP-TLS: ACKing Commitment Message");
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index c4019154d..b27408179 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -1473,7 +1473,7 @@ start:
 		goto start;
 	}
 
-	/* draft-ietf-emu-eap-tls13-13 Section 2.5 */
+	/* RFC 9190 Section 2.5 */
 	if (data->ssl.tls_v13 && wpabuf_len(in_decrypted) == 1 &&
 	    *wpabuf_head_u8(in_decrypted) == 0) {
 		wpa_printf(MSG_DEBUG,
diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c
index 00a496f2c..6681c1afa 100644
--- a/src/eap_server/eap_server_tls.c
+++ b/src/eap_server/eap_server_tls.c
@@ -1,5 +1,5 @@
 /*
- * hostapd / EAP-TLS (RFC 2716)
+ * hostapd / EAP-TLS (RFC 5216, RFC 9190)
  * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
  *
  * This software may be distributed under the terms of the BSD license.
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index a9b53b1a0..139e97720 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -367,14 +367,14 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
 			sm->cfg->ssl_ctx, data->conn);
 
 	/*
-	 * https://tools.ietf.org/html/draft-ietf-emu-eap-tls13#section-2.5
+	 * RFC 9190 Section 2.5
 	 *
 	 * We need to signal the other end that TLS negotiation is done. We
 	 * can't send a zero-length application data message, so we send
 	 * application data which is one byte of zero.
 	 *
 	 * Note this is only done for when there is no application data to be
-	 * sent. So this is done always for EAP-TLS but notibly not for PEAP
+	 * sent. So this is done always for EAP-TLS but notably not for PEAP
 	 * even on resumption.
 	 */
 	if (data->tls_v13 &&