diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 575520825..97caad881 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -3864,14 +3864,12 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
 /**
  * \brief          Set the EC J-PAKE opaque password for current handshake.
  *
- * \note           An internal copy is made, and destroyed as soon as the
- *                 handshake is completed, or when the SSL context is reset or
- *                 freed.
+ * \note           The input key in not copied, so the caller must not destroy
+ *                 it before the handshake is over.
  *
  * \note           The SSL context needs to be already set up. The right place
  *                 to call this function is between \c mbedtls_ssl_setup() or
  *                 \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake().
- *                 Password cannot be empty (see RFC 8236).
  *
  * \param ssl      SSL context
  * \param pwd      EC J-PAKE opaque password