diff --git a/docs/rolereference.rst b/docs/rolereference.rst
index d1f2f41e06fe801b42aabe3f5e6fbe5c2e0582f3..38c16054d2ee9ad84634867b7a59c6d20f26a9b1 100644
--- a/docs/rolereference.rst
+++ b/docs/rolereference.rst
@@ -764,7 +764,13 @@ Parameters
      Under Debian Stretch, the DHE ciphers are not usable due to a bug
      present in OpenLDAP 2.4.44. See
      https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1656979
-     for details.
+     for details. DHE ciphers are usable under Debian Buster.
+
+     It should be also noted that under Debian Buster, slapd will not
+     use the DH parameters generated by the role, but will instead use
+     them to pick one of the recommended DH parameters from `RFC-7919
+     <https://www.ietf.org/rfc/rfc7919.txt>`_. This is based on the
+     size of role-generated parameters.
 
   TLS ciphers to enable on the LDAP server. This should be a GnuTLS-compatible
   cipher specification that should also include what TLS protocol versions