| Removals | |
| * Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, | |
| which allowed SHA-1 in the default TLS configuration for certificate | |
| signing. It was intended to facilitate the transition in environments | |
| with SHA-1 certificates. SHA-1 is considered a weak message digest and | |
| its use constitutes a security risk. | |
| Changes | |
| * Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be | |
| disabled by default. |