diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index 8787098cd..9c4be2c1b 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -19,6 +19,9 @@ strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the stream cipher. The message integrity (hash) algorithm choice is not a factor. The output line beginning with Least strength shows the strength of the weakest cipher offered. +The scoring is based on the Qualys SSL Labs SSL Server Rating Guide, but does +not take protocol support (TLS version) into account, which makes up 30% of the +SSL Labs rating. SSLv3/TLSv1 requires more effort to determine which ciphers and compression methods a server supports than SSLv2. A client lists the ciphers and compressors @@ -43,6 +46,9 @@ It is recommended to use this script in conjunction with version detection (-sV) in order to discover SSL/TLS services running on unexpected ports. For the most common SSL ports like 443, 25 (with STARTTLS), 3389, etc. the script is smart enough to run on its own. + +References: +* Qualys SSL Labs Rating Guide - https://www.ssllabs.com/projects/rating-guide/ ]] ---
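Review bot: In the first hunk, the new sentence states that protocol support is excluded from the grade but does not spell out the consequence for readers: since TLS version carries 30% of the SSL Labs score, a server that only offers SSLv3 or TLSv1.0 can receive the same letter grade here as one on TLSv1.2, so the grade must be read together with the per-protocol cipher listing. Consider adding that caveat and tightening the phrasing, e.g. "Protocol support (TLS version), which accounts for 30% of the SSL Labs score, is not considered; a server limited to old protocol versions may therefore grade higher here than on SSL Labs." Also, the 30% figure is specific to one revision of the rating guide, so name the revision the weights were taken from.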
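Review bot: In the second hunk, the new References entry points only at the rating-guide landing page, which Qualys revises over time; the description's scoring claims are tied to a particular revision, so cite its version number or date alongside the URL (e.g. "Qualys SSL Labs Rating Guide, version <VERSION> - https://www.ssllabs.com/projects/rating-guide/", with the placeholder filled in from the guide actually used) so that readers can check the weights the script reproduces after the guide is updated. The "References:" block with a "* " bullet matches the convention other NSE script descriptions use, so the placement inside the description text is fine.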