diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index de49d3af9..fa935c798 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1369,9 +1369,10 @@
  * Fallback to old, non-conforming implementation of the truncated
  * HMAC extension which also truncates the HMAC key.
  *
- * \warning This should only be enabled temporarily when the use
- *          of truncated HMAC is mandatory *and* the peer is an Mbed TLS
- *          stack that doesn't use the fixed implementation yet.
+ * \warning This should only be enabled temporarily when (1) the use of
+ *          truncated HMAC is essential in order to save bandwidth, and
+ *          (2) the peer is an Mbed TLS stack that doesn't use the fixed
+ *          implementation yet (version number <= 2.6.0).
  *
  * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
  *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 62de5f274..3cd1d6299 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -718,7 +718,8 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
             /* Fall back to old, non-compliant version of the truncated
-             * HMAC implementation which also truncates the key. */
+             * HMAC implementation which also truncates the key
+             * (Mbed TLS versions from 1.3 to 2.6.0) */
             mac_key_len = transform->maclen;
 #endif
         }