diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml index 6028642b5f4..dc6494c2db0 100644 --- a/src/modules/tls/doc/params.xml +++ b/src/modules/tls/doc/params.xml @@ -1251,7 +1251,7 @@ end is not designed for multi-process applications and can result in a crash. Therefore set the PRNG engine to one of the options listed in this section. If libssl 1.1.x (or newer) is detected at compile time, then - the PRNG engine is set to "fastrand". + the PRNG engine is set to "cryptorand". The following options are avaialble: @@ -1259,10 +1259,16 @@ end krand - use internal kam_rand() function fastrand - use internal fastrand function + cryptorand - use internal cryptorand (fortuna) function + + Note: the krand and fastrand engines are not recommended for use on + systems requiring strong security, as they may not generate numbers + with enough randomness. + The default value is empty (not set) for libssl v1.0.x or older, and - "fastrand" for libssl v1.1.x or newer. + "cryptorand" for libssl v1.1.x or newer. Set <varname>rand_engine</varname> parameter
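Review bot: In the first hunk (@@ -1251,7), the changed sentence now documents "cryptorand" as the engine selected when libssl 1.1.x or newer is detected at compile time, but the visible patch touches only params.xml. Please confirm the module's compile-time default is switched in the same commit or series, otherwise the documentation and the behaviour will disagree. The trailing context line "The following options are avaialble:" also carries a typo ("available") that could be fixed while this paragraph is being edited.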
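Review bot: In the second hunk (@@ -1259,10), the added note says krand and fastrand "may not generate numbers with enough randomness", which is too vague for a security warning. Suggest stating plainly whether their output is predictable (that is, not suitable as a cryptographically secure generator) and naming cryptorand as the engine to choose instead, since the note currently tells the reader what to avoid but not what to use. In the added list entry, "fortuna" is a proper name and would read better as "Fortuna".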