diff --git a/_security/configuration/generate-certificates.md b/_security/configuration/generate-certificates.md
index 1841f9890c..d2bac73cb8 100755
--- a/_security/configuration/generate-certificates.md
+++ b/_security/configuration/generate-certificates.md
@@ -256,7 +256,7 @@ On one node, the security configuration portion of `opensearch.yml` might look l
 plugins.security.ssl.transport.pemcert_filepath: node1.pem
 plugins.security.ssl.transport.pemkey_filepath: node1-key.pem
 plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-plugins.security.ssl.transport.enforce_hostname_verification: false
+transport.ssl.enforce_hostname_verification: false
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.http.pemcert_filepath: node1.pem
 plugins.security.ssl.http.pemkey_filepath: node1-key.pem
diff --git a/_security/configuration/tls.md b/_security/configuration/tls.md
index c46c6ec8c8..50c9ce5170 100755
--- a/_security/configuration/tls.md
+++ b/_security/configuration/tls.md
@@ -160,6 +160,7 @@ Name | Description
 `plugins.security.ssl.transport.enforce_hostname_verification` (Deprecated) | This setting has been deprecated. Use `transport.ssl.enforce_hostname_verification` instead.
 `transport.ssl.resolve_hostname` | Whether to resolve hostnames using DNS on the transport layer. Optional. Default is `true`. Only works if hostname verification is enabled.
 `plugins.security.ssl.transport.resolve_hostname` (Deprecated) | This setting has been deprecated. Use `transport.ssl.resolve_hostname` instead.
+`transport.ssl.dual_mode.enabled` | Allows receiving both SSL and unencrypted traffic on the transport layer. Usually used temporarily while enabling SSL across a cluster. Optional. Default is `false`.
 
 
 ## (Advanced) Client authentication