Updated SSL_CTX_new doc

Fixes #13703

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13741)

doc/man3/SSL_CTX_new.pod

@@ -73,11 +73,12 @@ functions
 
 =head1 DESCRIPTION
 
-SSL_CTX_new_ex() creates a new B<SSL_CTX> object as a framework to
-establish TLS/SSL or DTLS enabled connections using the library context
-I<libctx> (see L<OSSL_LIB_CTX(3)>). Any cryptographic algorithms that are used
-by any B<SSL> objects created from this B<SSL_CTX> will be fetched from the
-I<libctx> using the property query string I<propq> (see
+SSL_CTX_new_ex() creates a new B<SSL_CTX> object, which holds various
+configuration and data relevant to TLS/SSL or DTLS session establishment. The
+library context I<libctx> (see L<OSSL_LIB_CTX(3)>) is used to provide the
+cryptographic algorithms needed for the session. Any cryptographic algorithms
+that are used by any B<SSL> objects created from this B<SSL_CTX> will be fetched
+from the I<libctx> using the property query string I<propq> (see
 L<provider(7)/Fetching algorithms>. Either or both the I<libctx> or I<propq>
 parameters may be NULL.
 
@@ -90,6 +91,10 @@ SSL_CTX_free) decrements it. When the reference count drops to zero, any memory
 or resources allocated to the B<SSL_CTX> object are freed. SSL_CTX_up_ref()
 increments the reference count for an existing B<SSL_CTX> structure.
 
+An B<SSL_CTX> object should not be changed after it is used to create any B<SSL>
+objects or from multiple threads concurrently, since the implementation does not
+provide serialization of access for these cases.
+
 =head1 NOTES
 
 The SSL_CTX object uses I<method> as the connection method.