diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 60b5133d9..5797136ca 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -499,8 +499,8 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
  * - The (static) encryption/decryption keys for the cipher.
  * - For stream/CBC, the type of message digest to be used.
  * - For stream/CBC, (static) encryption/decryption keys for the digest.
- * - For AEAD transformations, the size (potentially 0) of an explicit
- *   initialization vector placed in encrypted records.
+ * - For AEAD transformations, the size (potentially 0) of an explicit,
+ *   random initialization vector placed in encrypted records.
  * - For some transformations (currently AEAD and CBC in SSL3 and TLS 1.0)
  *   an implicit IV. It may be static (e.g. AEAD) or dynamic (e.g. CBC)
  *   and (if present) is combined with the explicit IV in a transformation-
@@ -509,6 +509,11 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer;
  * - The details of the transformation depend on the SSL/TLS version.
  * - The length of the authentication tag.
  *
+ * Note: Except for CBC in SSL3 and TLS 1.0, these parameters are
+ *       constant across multiple encryption/decryption operations.
+ *       For CBC, the implicit IV needs to be updated after each
+ *       operation.
+ *
  * The struct below refines this abstract view as follows:
  * - The cipher underlying the transformation is managed in
  *   cipher contexts cipher_ctx_{enc/dec}, which must have the