diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
index cb61ed18e8..bd15d3a8bd 100644
--- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
@@ -8,6 +8,9 @@ Default behavior changes
 call mbedtls_ssl_set_hostname() with NULL as the hostname, or enable the new compile-time option MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+ The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
+ has changed, see the documentation of the hostname field in the
+ mbedtls_ssl_context struct type for details.
 Security
 * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 541fcc8e6f..f89f470341 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1449,7 +1449,10 @@ struct mbedtls_ssl_context {
 * \p hostname argument.
 * - A special value to indicate that mbedtls_ssl_set_hostname()
 * was called with \p NULL (as opposed to never having been called).
- * See `mbedtls_ssl_get_hostname_pointer()` in `ssl_tls.c`.
+ *
+ * If you need to obtain the value passed to
+ * mbedtls_ssl_set_hostname() even if it may have been called with
+ * \p NULL, call mbedtls_ssl_get_hostname_pointer().
 *
 * If this field contains the value \p NULL and the configuration option
 * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index fdc1719c5a..e3873690f7 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -1214,7 +1214,6 @@ static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
 return 4;
 }
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
 /** Get the host name from the SSL context.
 *
 * \param[in] ssl SSL context
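Review bot: The added sentence in the ssl.h hunk tells the reader to call mbedtls_ssl_get_hostname_pointer(), but that function is declared in include/mbedtls/ssl_internal.h (the next file in this commit), not in this public header, so an application author reading this field's documentation cannot call it; the removed line at least located it in ssl_tls.c, and the new text should keep a qualification, e.g. `* \p NULL, call mbedtls_ssl_get_hostname_pointer() (library-internal,` / `* declared in ssl_internal.h).`. It may also be worth saying that the returned pointer is \c NULL in the called-with-NULL case (as the ssl_internal.h doc states), so a reader does not expect a distinct value back; if the caller needs to tell "never called" from "called with NULL", mbedtls_ssl_has_set_hostname_been_called(), visible in the ssl_tls.c hunk header, appears to be the function to name here — confirm against its definition. The struct definition continues outside the hunk.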
@@ -1224,7 +1223,6 @@ static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
 * \p ssl or if it was last called with \p NULL.
 */
 const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
-#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 91b4ae9473..65d5b964d3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -62,11 +62,6 @@ static int mbedtls_ssl_has_set_hostname_been_called(
 }
 #endif
-/* Micro-optimization: don't export this function if it isn't needed outside
- * of this source file. */
-#if !defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static
-#endif
 const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl)
 {
 if (ssl->hostname == ssl_hostname_skip_cn_verification) {
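Review bot: With `static` dropped here, and the `#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)` / `#endif` pair removed around the declaration in both ssl_internal.h hunks (-1214 and -1224), mbedtls_ssl_get_hostname_pointer() is now declared unconditionally, but the `#endif` two context lines above the definition closes a configuration guard whose `#if` is outside this hunk, and it is not visible whether the definition itself — which compares against ssl_hostname_skip_cn_verification — sits under a guard of its own. If it does, configurations with that option off now carry a declared-but-undefined internal symbol and any new caller fails at link time; if it does not, ssl_hostname_skip_cn_verification must be defined in every configuration — worth confirming either way, or mirroring whatever guard the definition has onto the declaration. The deleted comment explained why the symbol was hidden; one line explaining why it is exported now would be more useful than nothing, e.g. `/* Not static: now called from outside ssl_tls.c irrespective of MBEDTLS_SSL_SERVER_NAME_INDICATION. */` (adjust to the actual new caller, which this diff does not show). The function body continues outside the hunk.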