Sophie

perl-DBD-mysql-4.43.0-1.mga5.src.rpm

diff --git a/lib/DBD/mysql.pm b/lib/DBD/mysql.pm
index ec107a6..dc5eb06 100644
--- a/lib/DBD/mysql.pm
+++ b/lib/DBD/mysql.pm
@@ -1162,7 +1162,10 @@ location for the socket than that built into the client.
 A true value turns on the CLIENT_SSL flag when connecting to the MySQL
 database:
 
-  mysql_ssl=1
+When enabling SSL encryption you should set also other SSL options,
+at least mysql_ssl_ca_file or mysql_ssl_ca_path.
+
+  mysql_ssl=1 mysql_ssl_verify_server_cert=1 mysql_ssl_ca_file=/path/to/ca_cert.pem
 
 This means that your communication with the server will be encrypted.
 
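Review bot: The added example line "mysql_ssl=1 mysql_ssl_verify_server_cert=1 mysql_ssl_ca_file=/path/to/ca_cert.pem" separates the three options with spaces, which a reader copying it into a DSN will get wrong; DSN attributes are joined with ";", so either write it that way or show one option per line. The new sentence also says what to set but not why: state that mysql_ssl=1 on its own encrypts the connection without checking who the server is, since the unchanged line "This means that your communication with the server will be encrypted" still reads as if encryption were the whole story. Wording nit: "you should set also other SSL options" reads better as "you should also set other SSL options".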
@@ -1170,21 +1173,54 @@ Please note that this can only work if you enabled SSL when compiling
 DBD::mysql; this is the default starting version 4.034.
 See L<DBD::mysql::INSTALL> for more details.
 
-If you turn mysql_ssl on, you might also wish to use the following
-flags:
+=item mysql_ssl_ca_file
+
+The path to a file in PEM format that contains a list of trusted SSL
+certificate authorities.
+
+When set MySQL server certificate is checked that it is signed by some
+CA certificate in the list.  Common Name value is not verified unless
+C<mysql_ssl_verify_server_cert> is enabled.
+
+=item mysql_ssl_ca_path
+
+The path to a directory that contains trusted SSL certificate authority
+certificates in PEM format.
+
+When set MySQL server certificate is checked that it is signed by some
+CA certificate in the list.  Common Name value is not verified unless
+C<mysql_ssl_verify_server_cert> is enabled.
+
+Please note that this option is supported only if your MySQL client was
+compiled with OpenSSL library, and not with default yaSSL library.
+
+=item mysql_ssl_verify_server_cert
+
+Checks the server's Common Name value in the certificate that the server
+sends to the client.  The client verifies that name against the host name
+the client uses for connecting to the server, and the connection fails if
+there is a mismatch.  For encrypted connections, this option helps prevent
+man-in-the-middle attacks.
+
+Verification of the host name is disabled by default.
 
 =item mysql_ssl_client_key
 
-=item mysql_ssl_client_cert
+The name of the SSL key file in PEM format to use for establishing
+a secure connection.
 
-=item mysql_ssl_ca_file
+=item mysql_ssl_client_cert
 
-=item mysql_ssl_ca_path
+The name of the SSL certificate file in PEM format to use for
+establishing a secure connection.
 
 =item mysql_ssl_cipher
 
-These are used to specify the respective parameters of a call
-to mysql_ssl_set, if mysql_ssl is turned on.
+A list of permissible ciphers to use for connection encryption.  If no
+cipher in the list is supported, encrypted connections will not work.
+
+  mysql_ssl_cipher=AES128-SHA
+  mysql_ssl_cipher=DHE-RSA-AES256-SHA:AES128-SHA
 
 
 =item mysql_local_infile
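Review bot: The mysql_ssl_ca_file and mysql_ssl_ca_path items mention that the Common Name is not verified unless mysql_ssl_verify_server_cert is enabled, but they do not spell out the consequence: with only a CA configured, a certificate issued by that CA for any other host is accepted. Say so in both items, and move "Verification of the host name is disabled by default." to the top of the mysql_ssl_verify_server_cert item, where it is the first thing a reader needs to know. The second paragraph of mysql_ssl_ca_path is copied from mysql_ssl_ca_file and still says "in the list", although this option takes a directory; "When set MySQL server certificate is checked that it is signed by some CA certificate" would also read better as "When set, the MySQL server certificate is checked to be signed by one of these CA certificates". With the old introduction "If you turn mysql_ssl on, you might also wish to use the following flags:" removed, the items that follow no longer say that they only take effect when mysql_ssl is on; keep one sentence to that effect. The mysql_ssl_cipher examples (AES128-SHA, DHE-RSA-AES256-SHA) will be copied verbatim, so mark them as syntax illustrations rather than recommended values.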