diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index 9c97b5d5c7..a3eebc59bb 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -12,8 +12,10 @@ Compile-time: enabling `MBEDTLS_USE_PSA_CRYPTO` requires
 `MBEDTLS_ECP_RESTARTABLE` and
 `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` to be disabled.
 
-Effect: `MBEDTLS_USE_PSA_CRYPTO` has no effect on TLS 1.3 for which PSA
-cryptography is mandatory.
+Scope: `MBEDTLS_USE_PSA_CRYPTO` has no effect on the parts of the code that
+are specific to TLS 1.3; those parts always use PSA Crypto. The parts of the
+TLS 1.3 code that are common with TLS 1.2, however, follow this option (this
+is currently just the record protection code).
 
 Stability: any API that's only available when `MBEDTLS_USE_PSA_CRYPTO` is
 defined is considered experimental and may change in incompatible ways at any