diff --git a/data/settings.js b/data/settings.js
index a6b97a596..c62570a8a 100644
--- a/data/settings.js
+++ b/data/settings.js
@@ -10095,7 +10095,7 @@ Note: [[setting,auth_ssl_username_from_cert]] MUST be enabled.`
 	},
 
 	ssl_cipher_list: {
-		default: 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH',
+		default: 'ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH (for ssl_server, empty for ssl_client)',
 		seealso: [ 'ssl', 'ssl_cipher_suites', 'ssl_min_protocol', '[[link,ssl_configuration]]' ],
 		values: setting_types.STRING,
 		text: `
@@ -10121,6 +10121,13 @@ This setting is used for both incoming and outgoing SSL connections.
 See: https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites`
 	},
 
+	ssl_client: {
+		seealso: [ 'ssl', 'ssl_server', '[[link,ssl_configuration]]' ],
+		values: setting_types.NAMED_FILTER,
+		text: `
+Named filter, which can be used for specifying SSL client settings.`
+	},
+
 	ssl_client_ca_dir: {
 		seealso: [ 'ssl', '[[link,ssl_configuration]]' ],
 		values: setting_types.STRING,
@@ -10375,6 +10382,13 @@ Note: This setting doesn't yet require the certificate to be valid or
 to even exist. See [[setting,auth_ssl_require_client_cert]].`
 	},
 
+	ssl_server: {
+		seealso: [ 'ssl', 'ssl_client', '[[link,ssl_configuration]]' ],
+		values: setting_types.NAMED_FILTER,
+		text: `
+Named filter, which can be used for specifying SSL server settings.`
+	},
+
 	state_dir: {
 		default: '/var/lib/dovecot',
 		values: setting_types.STRING,