diff --git a/policy/v1beta1/cfg.pb.go b/policy/v1beta1/cfg.pb.go
index 54816031613..3694c70bd51 100644
--- a/policy/v1beta1/cfg.pb.go
+++ b/policy/v1beta1/cfg.pb.go
@@ -1309,8 +1309,8 @@ type Tls struct {
 // *Tls_AuthHeader_
 // *Tls_CustomHeader
 TokenType isTls_TokenType `protobuf_oneof:"token_type"`
- // Indicates the name of adapter backend which is useful for routing with
- // proxy-fronted backend.
+ // Used to configure mixer TLS client to verify the hostname on the returned
+ // certificates. It is also included in the client's handshake to support SNI.
 ServerName string `protobuf:"bytes,6,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
 }
@@ -1638,8 +1638,9 @@ type Mutual struct {
 // verify the presented adapter certificates. By default Mixer should already
 // include Istio CA certificates and system certificates in cert pool.
 CaCertificates string `protobuf:"bytes,3,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"`
- // Indicates the name of adapter backend server which is useful for routing with
- // proxy-fronted backend.
+ // Used to configure mixer mutual TLS client to supply server name for SNI.
+ // It is not used to verify the hostname of the peer certificate, since
+ // Istio verifies whitelisted SAN fields in mutual TLS.
 ServerName string `protobuf:"bytes,4,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"`
 }
diff --git a/policy/v1beta1/cfg.proto b/policy/v1beta1/cfg.proto
index 1bdfbba7886..e70b2dcf55f 100644
--- a/policy/v1beta1/cfg.proto
+++ b/policy/v1beta1/cfg.proto
@@ -490,8 +490,8 @@ message Tls {
 string custom_header = 5;
 }
- // Indicates the name of adapter backend which is useful for routing with
- // proxy-fronted backend.
+ // Used to configure mixer TLS client to verify the hostname on the returned
+ // certificates. It is also included in the client's handshake to support SNI.
 string server_name = 6;
 }
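Review bot: The new comment on `server_name` in `message Tls` says the client verifies the hostname on the returned certificate against this value, but it leaves unstated what the client does when the field is empty — whether it falls back to the host of the adapter address or refuses the connection — and that is exactly the case in which verification could silently weaken. I would close that gap with one more sentence once the client behaviour is confirmed, e.g. `// If unset, <DOCUMENT FALLBACK: host of the adapter address is used / connection is rejected>.` The `cfg.pb.go` hunk above carries the same generated text, so the wording belongs in the .proto and should then be regenerated.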
@@ -530,7 +530,8 @@ message Mutual {
 // include Istio CA certificates and system certificates in cert pool.
 string ca_certificates = 3;
- // Indicates the name of adapter backend server which is useful for routing with
- // proxy-fronted backend.
+ // Used to configure mixer mutual TLS client to supply server name for SNI.
+ // It is not used to verify the hostname of the peer certificate, since
+ // Istio verifies whitelisted SAN fields in mutual TLS.
 string server_name = 4;
 }
diff --git a/policy/v1beta1/istio.policy.v1beta1.pb.html b/policy/v1beta1/istio.policy.v1beta1.pb.html
index f92ca16ff66..eae62809d7f 100644
--- a/policy/v1beta1/istio.policy.v1beta1.pb.html
+++ b/policy/v1beta1/istio.policy.v1beta1.pb.html
@@ -1012,8 +1012,9 @@
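Review bot: The new comment on `server_name` in `message Mutual` states that the field is not used to verify the peer certificate because Istio checks whitelisted SAN fields, but it does not say where that SAN whitelist is configured, so a reader may assume that setting this field alone restricts which server identity is accepted. Suggest adding a pointer so the identity check is not mistaken for this field's job: `// Peer identity is checked against the configured SAN whitelist, not this field; see <LOCATION OF SAN WHITELIST CONFIG>.` The same text appears in the generated `cfg.pb.go` and `.pb.html` hunks, which should be regenerated from the .proto rather than edited directly.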
serverName
string
Indicates the name of adapter backend server which is useful for routing with -proxy-fronted backend.
+Used to configure mixer mutual TLS client to supply server name for SNI. +It is not used to verify the hostname of the peer certificate, since +Istio verifies whitelisted SAN fields in mutual TLS.
serverName
string
Indicates the name of adapter backend which is useful for routing with -proxy-fronted backend.
+Used to configure mixer TLS client to verify the hostname on the returned +certificates. It is also included in the client’s handshake to support SNI.