diff --git a/enable-tls-between-clients-and-servers.md b/enable-tls-between-clients-and-servers.md
index 9e83d7ee300b1..705495753da68 100644
--- a/enable-tls-between-clients-and-servers.md
+++ b/enable-tls-between-clients-and-servers.md
@@ -107,7 +107,7 @@ If the `ssl-ca` parameter is not specified in the TiDB server or MySQL client, t
 
 - To perform mutual authentication, meet both of the above requirements.
 
-By default, the server-to-client authentication is optional. Even if the client does not present its certificate of identification during the TLS handshake, the TLS connection can be still established. You can also require the client to be authenticated by specifying `require 509` when creating a user (`create user`), granting permissions (`grant`), or modifying an existing user (`alter user`). The following is an example of creating a user:
+By default, the server-to-client authentication is optional. Even if the client does not present its certificate of identification during the TLS handshake, the TLS connection can be still established. You can also require the client to be authenticated by specifying `require x509` when creating a user (`create user`), granting permissions (`grant`), or modifying an existing user (`alter user`). The following is an example of creating a user:
 
 {{< copyable "sql" >}}