diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 8d1041ce00bdddda696bc84ac8b2d668d69a0225..bc0d1cc9b6f3e7bc5ef799d4f81154abd885ba6c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -270,6 +270,10 @@ int ssl3_accept(SSL *s)
 				&& !(l & SSL_KRB5)
 #endif /* OPENSSL_NO_KRB5 */
 				)
+				/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
+				 * even when forbidden by protocol specs
+				 * (handshake may fail as clients are not required to
+				 * be able to handle this) */
 				s->s3->tmp.use_rsa_tmp=1;
 			else
 				s->s3->tmp.use_rsa_tmp=0;