Disable MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE in default config.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/ChangeLog.d/remove_default_alllow_sha1.txt b/ChangeLog.d/remove_default_alllow_sha1.txt
index 633504b..9ec10cf 100644
--- a/ChangeLog.d/remove_default_alllow_sha1.txt
+++ b/ChangeLog.d/remove_default_alllow_sha1.txt
@@ -4,3 +4,7 @@
      signing. It was intended to facilitate the transition in environments
      with SHA-1 certificates. SHA-1 is considered a weak message digest and
      its use constitutes a security risk.
+
+Changes
+   * Set config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE to be
+     disabled by default.
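Review bot: the added Changes entry at the end of the file states that the option is now disabled by default but not what this means for someone upgrading with the stock configuration. Consider saying that, as the option name indicates, SHA-1 is no longer allowed in the key exchange by default, and that defining MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE in config.h restores the previous behaviour. The file name also carries a typo ("alllow"), which could be fixed with a rename while the file is being touched.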
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index a95ec02..2c7bed2 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -3912,7 +3912,7 @@
  *            on it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 
 /**
  * Uncomment the macro to let mbed TLS use your alternate implementation of
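Review bot: at the flipped define, the option's doc comment is left unchanged and only its tail is visible in the context lines; if the rest of that comment still describes the option as enabled by default, or tells users how to disable it, it should be reworded to match the new `//#define` state. Because this changes behaviour for every build that uses the stock config.h, and the patch touches only the ChangeLog and this header, please confirm that any tests or sample configurations that depend on SHA-1 in the key exchange now enable the macro explicitly.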