Removals * Remove config option MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, which allowed SHA-1 in the default TLS configuration for certificate signing. It was intended to facilitate the transition in environments with SHA-1 certificates. SHA-1 is considered a weak message digest and its use constitutes a security risk.