diff --git a/system-variables.md b/system-variables.md
index 3e84c5bff2236..d4a36fb372b69 100644
--- a/system-variables.md
+++ b/system-variables.md
@@ -651,7 +651,7 @@ This variable is an alias for [`last_insert_id`](#last_insert_id).
 
 > **Note:**
 >
-> This variable is read-only for [{{{ .starter }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#starter) and [{{{ .essential }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#essential).
+> This variable is read-only for [{{{ .starter }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#starter) and [{{{ .essential }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#essential). Its effective value is controlled by TiDB Cloud.
 
 - Scope: SESSION | GLOBAL
 - Persists to cluster: Yes
@@ -661,6 +661,7 @@ This variable is an alias for [`last_insert_id`](#last_insert_id).
 - The value should be an integer multiple of 1024. If the value is not divisible by 1024, a warning will be prompted and the value will be rounded down. For example, when the value is set to 1025, the actual value in TiDB is 1024.
 - The maximum packet size allowed by the server and the client in one transmission of packets.
 - In the `SESSION` scope, this variable is read-only.
+- In Starter deployment mode, the effective value is configured by [`max-allowed-packet`](/tidb-configuration-file.md#max-allowed-packet-new-in-v900). TiDB uses the configured value when initializing sessions and when reporting the global `max_allowed_packet` value.
 - This variable is compatible with MySQL.
 
 ### max_user_connections <span class="version-mark">New in v9.0.0</span>
@@ -889,6 +890,8 @@ mysql> SHOW GLOBAL VARIABLES LIKE 'max_prepared_stmt_count';
 > **Note:**
 >
 > Currently, this variable is not supported on [TiDB Cloud Dedicated](https://docs.pingcap.com/tidbcloud/select-cluster-tier#tidb-cloud-dedicated). DO **NOT** enable this variable for TiDB Cloud Dedicated clusters. Otherwise, you might get SQL client connection failures. This restriction is a temporary control measure and will be resolved in a future release.
+>
+> For [{{{ .starter }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#starter) and [{{{ .essential }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#essential), this variable is read-only and always returns `ON`.
 
 - Scope: GLOBAL
 - Persists to cluster: Yes
@@ -904,11 +907,11 @@ mysql> SHOW GLOBAL VARIABLES LIKE 'max_prepared_stmt_count';
 
 <CustomContent platform="tidb-cloud">
 
-- This variable ensures that all connections to TiDB are either on a local socket, or using TLS.
+- For TiDB Cloud, secure connection behavior is managed by the service. For [{{{ .starter }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#starter) and [{{{ .essential }}}](https://docs.pingcap.com/tidbcloud/select-cluster-tier#essential), this variable is exposed as `ON` and cannot be changed by SQL statements.
 
 </CustomContent>
 
-- Setting this variable to `ON` requires you to connect to TiDB from a session that has TLS enabled. This helps prevent lock-out scenarios when TLS is not configured correctly.
+- For TiDB Self-Managed, setting this variable to `ON` requires you to connect to TiDB from a session that has TLS enabled. This helps prevent lock-out scenarios when TLS is not configured correctly.
 - This setting was previously a `tidb.toml` option (`security.require-secure-transport`), but changed to a system variable starting from TiDB v6.1.0.
 - Starting from v6.5.6, v7.1.2, v7.5.1, and v8.0.0, when Security Enhanced Mode (SEM) is enabled, setting this variable to `ON` is prohibited to avoid potential connectivity issues for users.
 
diff --git a/tidb-cloud/limited-sql-features.md b/tidb-cloud/limited-sql-features.md
index efa8101580cb6..d3fec85a2f6ec 100644
--- a/tidb-cloud/limited-sql-features.md
+++ b/tidb-cloud/limited-sql-features.md
@@ -125,10 +125,10 @@ TiDB Cloud works with almost all workloads that TiDB supports, but there are som
 |:-|:-|:-|
 | `datadir` | No limitation | Not supported [^1] |
 | `interactive_timeout` | No limitation | Read-only [^10] |
-| `max_allowed_packet` | No limitation | Read-only [^10] |
+| `max_allowed_packet` | No limitation | Read-only; controlled by TiDB Cloud [^10] |
 | `plugin_dir` | No limitation | Not supported [^8] |
 | `plugin_load` | No limitation | Not supported [^8] |
-| `require_secure_transport` | Not supported [^12] | Read-only [^10] |
+| `require_secure_transport` | Not supported [^12] | Read-only and always `ON` [^10] |
 | `skip_name_resolve` | No limitation | Read-only [^10] |
 | `sql_log_bin` | No limitation | Read-only [^10] |
 | `tidb_analyze_skip_column_types` | No limitation | Read-only [^10] |
diff --git a/tidb-configuration-file.md b/tidb-configuration-file.md
index d28d953d16f40..7548c27d0406b 100644
--- a/tidb-configuration-file.md
+++ b/tidb-configuration-file.md
@@ -43,6 +43,15 @@ The TiDB configuration file supports more options than command-line parameters.
 + Minimum value: `1`
 + Maximum value: `1048576`
 
+### `max-allowed-packet` <span class="version-mark">New in v9.0.0</span>
+
++ Configures the effective value of [`max_allowed_packet`](/system-variables.md#max_allowed_packet-new-in-v610) in Starter deployment mode.
++ Default value: `67108864` (64 MiB)
++ Minimum value: `1024`
++ Maximum value: `1073741824`
++ The value must be an integer multiple of `1024`.
++ This configuration item takes effect only in Starter deployment mode. In other deployment modes, configure the packet size by using the `max_allowed_packet` system variable.
+
 ### `temp-dir` <span class="version-mark">New in v6.3.0</span>
 
 + File system location used by TiDB to store temporary data. If a feature requires local storage in TiDB nodes, TiDB stores the corresponding temporary data in this location.
@@ -521,7 +530,7 @@ Configuration items related to performance.
 - The size limit of a single key-value record in a transaction. If the size limit is exceeded, TiDB returns the `entry too large` error. The maximum value of this configuration item does not exceed `125829120` (120 MB).
 - Starting from v7.6.0, you can use the system variable [`tidb_txn_entry_size_limit`](/system-variables.md#tidb_txn_entry_size_limit-new-in-v760) to dynamically modify the value of this configuration item.
 - Note that TiKV has a similar limit. If the data size of a single write request exceeds [`raft-entry-max-size`](/tikv-configuration-file.md#raft-entry-max-size), which is 8 MB by default, TiKV refuses to process this request. When a table has a row of large size, you need to modify both configurations at the same time.
-- The default value of [`max_allowed_packet`](/system-variables.md#max_allowed_packet-new-in-v610) (the maximum size of a packet for the MySQL protocol) is 67108864 (64 MiB). If a row is larger than `max_allowed_packet`, the row gets truncated.
+- The default value of [`max_allowed_packet`](/system-variables.md#max_allowed_packet-new-in-v610) (the maximum size of a packet for the MySQL protocol) is 67108864 (64 MiB). In Starter deployment mode, its effective value is configured by [`max-allowed-packet`](#max-allowed-packet-new-in-v900). If a row is larger than `max_allowed_packet`, the row gets truncated.
 - The default value of [`txn-total-size-limit`](#txn-total-size-limit) (the size limit of a single transaction in TiDB) is 100 MiB. If you increase the `txn-entry-size-limit` value to be over 100 MiB, you need to increase the `txn-total-size-limit` value accordingly.
 
 ### `txn-total-size-limit`