| Default behavior changes | |
| * Some default policies for X.509 certificate verification and TLS have | |
| changed: curves and hashes weaker than 255 bits are no longer accepted | |
| by default. The default order in TLS now favors faster curves over larger | |
| curves. | |
| Removals | |
| * Remove the compile-time option | |
| MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE. |