diff --git a/CHANGELOG.md b/CHANGELOG.md index ebb4552182..78735db696 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Changed - Updated libcxx to version 10.0.1 +- Now the OpenSSL is built with threads support (with the dependency on the host). Note that the previous versions of OpenSSL are not suitable for multi-threaded applications. [v0.17.2][v0.17.2_log] -------------- diff --git a/docs/OpenSSLSupport.md b/docs/OpenSSLSupport.md index e9acdfe743..4bc87ddd36 100644 --- a/docs/OpenSSLSupport.md +++ b/docs/OpenSSLSupport.md @@ -65,7 +65,6 @@ The OpenSSL on OE is configured with following options - no-ssl3 - no-whirlpool - Disable Whirlpool hash. -- no-threads - no-ui-console - Disable support for the openssl command-line tool that is not required by OE. - no-zlib @@ -87,6 +86,19 @@ In addition, OpenSSL by default disables the following algorithms/features - Heartbeats extension - SCTP (Stream Control Transimission Protocol) protocol +# Threads Support + +*Note:* Only the version after v0.17.2 has the `threads` support. Previous versions of +OpenSSL are not built with this support and therefore are not suitable for multi-threaded +applications. + +OE SDK configures the OpenSSL with `threads` support, which uses OE's thread lock +primitives, to ensure thread-safe when accessing internal objects. Note that the lock +primitives are based on internal OCALLS (`OE_OCALL_THREAD_WAIT` and `OE_OCALL_THREAD_WAKE`) +given that SGX does not support such mechanisms. This support allows the developers +to use the library in multi-threaded enclave applications. Note that the thread saftey +holds only if the host is not compromised. + # How to use RAND APIs *Note:* Starting from v0.13, users no longer need to manually opt into the RDRAND engine (as described in this
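Review bot: the new CHANGELOG entry reads awkwardly and the parenthetical "(with the dependency on the host)" does not say what depends on the host; suggest "OpenSSL is now built with thread support. Its lock primitives rely on OCALLs to the host, so thread safety holds only if the host is not compromised. OpenSSL builds in previous OE SDK releases are not suitable for multi-threaded applications." Also "the previous versions of OpenSSL" is ambiguous: it is the earlier OE SDK builds of OpenSSL, not earlier upstream OpenSSL releases, that lack thread support, and the entry should say so.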
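Review bot: after dropping `- no-threads` from the "configured with following options" list in docs/OpenSSLSupport.md, nothing in that list records that threads are now enabled; since every other entry there documents a configure option, consider adding `- threads - Enable thread support; see Threads Support below.` so a reader scanning the option list sees the change without having to find the new section.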
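Review bot: typos and wording in the new Threads Support section: "thread saftey" should be "thread safety", "to ensure thread-safe when accessing" should be "to ensure thread safety when accessing", "OCALLS" should be "OCALLs", "configures the OpenSSL" should be "configures OpenSSL", and "Only the version after v0.17.2 has" should be "Only OE SDK versions after v0.17.2 have" (the gate is on the OE SDK release, matching the CHANGELOG hunk). Beyond wording, the closing sentence "the thread safety holds only if the host is not compromised" is the security-relevant claim and deserves one more sentence stating what a misbehaving host can actually do given that the locks are built on `OE_OCALL_THREAD_WAIT` and `OE_OCALL_THREAD_WAKE`: whether the consequence is limited to enclave threads being stalled or spuriously woken (availability), or whether mutual exclusion inside the enclave can be broken (integrity of OpenSSL's internal objects). Readers deciding whether to run multi-threaded OpenSSL in an enclave need that distinction, and the section currently leaves it to inference.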