diff --git a/ChangeLog.d/allow_alt_cmac_without_des.txt b/ChangeLog.d/allow_alt_cmac_without_des.txt
new file mode 100644
index 0000000000..5193a9e61e
--- /dev/null
+++ b/ChangeLog.d/allow_alt_cmac_without_des.txt
@@ -0,0 +1,3 @@
+Changes
+   * Alternative implementations of CMAC may now opt to not support 3DES as a
+     CMAC block cipher, and still pass the CMAC self test.
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index cb538d0925..b67305ce50 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -198,6 +198,13 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
 /**
  * \brief          The CMAC checkup routine.
  *
+ * \note           In case the CMAC routines are provided by an alternative
+ *                 implementation (i.e. #MBEDTLS_CMAC_ALT is defined), the
+ *                 checkup routine will succeed even if the implementation does
+ *                 not support the less widely used AES-192 or 3DES primitives.
+ *                 The self-test requires at least AES-128 and AES-256 to be
+ *                 supported by the underlying implementation.
+ *
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */