diff --git a/doc/sphinx/rules/tls-keywords.rst b/doc/sphinx/rules/tls-keywords.rst index 5e891a68f6..5ff137de43 100644 --- a/doc/sphinx/rules/tls-keywords.rst +++ b/doc/sphinx/rules/tls-keywords.rst @@ -1,4 +1,4 @@ -TLS Keywords +SSL/TLS Keywords ============ Suricata comes with several rule keywords to match on various properties of TLS/SSL handshake. Matches are string inclusion matches. @@ -68,3 +68,12 @@ tls.store store TLS/SSL certificate on disk Support added in Suricata version 1.4. + +ssl_state +--------- + +The ``ssl_state`` keyword matches the state of the SSL connection. The possible states +are ``client_hello``, ``server_hello``, ``client_keyx``, ``server_keyx`` and ``unknown``. +You can specify several states with ``|`` (OR) to check for any of the specified states. + +Negation support is not available yet, see https://redmine.openinfosecfoundation.org/issues/1231
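Review bot: In the first hunk (@@ -1,4 +1,4 @@) the title grows from 12 to 16 characters, but the unchanged `============` underline on the next line stays at 12 characters, which reStructuredText reports as a title underline that is too short. Extend the underline to at least the length of `SSL/TLS Keywords` in the same change. The intro sentence below still says "TLS/SSL handshake" while the new title says "SSL/TLS", so settle on one order.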
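Review bot: The new ssl_state section in the second hunk (@@ -68,3 +68,12 @@) lists the state names but never shows the keyword in use, so a rule writer cannot tell from this text how the value is attached to the keyword or whether spaces around `|` are accepted. Add a short example rule option and a sentence on what `unknown` matches. The section also has no "Support added in Suricata version ..." line like the one that closes tls.store just above it, and the sentence about negation ends in a bare URL with no closing period.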