diff --git a/conn.go b/conn.go
index 0377568..65b1d4b 100644
--- a/conn.go
+++ b/conn.go
@@ -1073,7 +1073,7 @@ func (c *Conn) OCSPResponse() []byte {
 }
 
 // VerifyHostname checks that the peer certificate chain is valid for
-// connecting to host.  If so, it returns nil; if not, it returns an error
+// connecting to host. If so, it returns nil; if not, it returns an error
 // describing the problem.
 func (c *Conn) VerifyHostname(host string) error {
 	c.handshakeMutex.Lock()
diff --git a/handshake_server.go b/handshake_server.go
index e16cddc..dbab60b 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -462,7 +462,7 @@ func (hs *serverHandshakeState) doFullHandshake() error {
 
 	// If we received a client cert in response to our certificate request message,
 	// the client will send us a certificateVerifyMsg immediately after the
-	// clientKeyExchangeMsg.  This message is a digest of all preceding
+	// clientKeyExchangeMsg. This message is a digest of all preceding
 	// handshake-layer messages that is signed using the private key corresponding
 	// to the client's certificate. This allows us to verify that the client is in
 	// possession of the private key of the certificate.
diff --git a/handshake_server_test.go b/handshake_server_test.go
index 74ad72a..f8de4e4 100644
--- a/handshake_server_test.go
+++ b/handshake_server_test.go
@@ -69,7 +69,7 @@ func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) {
 
 func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) {
 	// Create in-memory network connection,
-	// send message to server.  Should return
+	// send message to server. Should return
 	// expected error.
 	c, s := net.Pipe()
 	go func() {
diff --git a/key_agreement.go b/key_agreement.go
index 0e6a7c2..3326894 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -51,7 +51,7 @@ func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certifi
 	if err != nil {
 		return nil, err
 	}
-	// We don't check the version number in the premaster secret.  For one,
+	// We don't check the version number in the premaster secret. For one,
 	// by checking it, we would leak information about the validity of the
 	// encrypted pre-master secret. Secondly, it provides only a small
 	// benefit against a downgrade attack and some implementations send the
diff --git a/tls_test.go b/tls_test.go
index 5cc1427..27394e6 100644
--- a/tls_test.go
+++ b/tls_test.go
@@ -199,7 +199,7 @@ func TestDialTimeout(t *testing.T) {
 func TestConnReadNonzeroAndEOF(t *testing.T) {
 	// This test is racy: it assumes that after a write to a
 	// localhost TCP connection, the peer TCP connection can
-	// immediately read it.  Because it's racy, we skip this test
+	// immediately read it. Because it's racy, we skip this test
 	// in short mode, and then retry it several times with an
 	// increasing sleep in between our final write (via srv.Close
 	// below) and the following read.