/* \} name SECTION: mbed TLS modules */
+@@ -2646,7 +2646,7 @@
+ * recommended because of it is possible to generte SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ */
+-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+ /**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake