From 9347545f9ee66210a835cb2f1e9860949feb139f Mon Sep 17 00:00:00 2001
From: Damien George <damien@micropython.org>
Date: Wed, 5 Oct 2022 10:48:31 +1100
Subject: [PATCH] extmod/mbedtls: Enable
 MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.

This was already enabled on all ports except mimxrt.  Now it's enabled on
all of them.

Signed-off-by: Damien George <damien@micropython.org>
---
 extmod/mbedtls/mbedtls_config_common.h | 1 +
 ports/rp2/mbedtls/mbedtls_config.h     | 1 -
 ports/stm32/mbedtls/mbedtls_config.h   | 1 -
 ports/unix/mbedtls/mbedtls_config.h    | 1 -
 4 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/extmod/mbedtls/mbedtls_config_common.h b/extmod/mbedtls/mbedtls_config_common.h
index 6c9385dea5..4c2be6228a 100644
--- a/extmod/mbedtls/mbedtls_config_common.h
+++ b/extmod/mbedtls/mbedtls_config_common.h
@@ -82,6 +82,7 @@
 #define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_SRV_C
 #define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 #define MBEDTLS_X509_CRT_PARSE_C
 #define MBEDTLS_X509_USE_C
 
diff --git a/ports/rp2/mbedtls/mbedtls_config.h b/ports/rp2/mbedtls/mbedtls_config.h
index 61f622295f..9c930b7d9c 100644
--- a/ports/rp2/mbedtls/mbedtls_config.h
+++ b/ports/rp2/mbedtls/mbedtls_config.h
@@ -34,7 +34,6 @@
 #define MBEDTLS_ECDH_C
 #define MBEDTLS_ECP_C
 #define MBEDTLS_GCM_C
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 #define MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME_DATE
 
diff --git a/ports/stm32/mbedtls/mbedtls_config.h b/ports/stm32/mbedtls/mbedtls_config.h
index b8548866f1..cc71aa7ec1 100644
--- a/ports/stm32/mbedtls/mbedtls_config.h
+++ b/ports/stm32/mbedtls/mbedtls_config.h
@@ -28,7 +28,6 @@
 
 // Enable mbedtls modules
 // #define MBEDTLS_ECP_C
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 
 // Set MicroPython-specific options.
 #define MICROPY_MBEDTLS_CONFIG_BARE_METAL (1)
diff --git a/ports/unix/mbedtls/mbedtls_config.h b/ports/unix/mbedtls/mbedtls_config.h
index c83f1c86f3..c8ffab0832 100644
--- a/ports/unix/mbedtls/mbedtls_config.h
+++ b/ports/unix/mbedtls/mbedtls_config.h
@@ -32,7 +32,6 @@
 // Enable mbedtls modules
 #define MBEDTLS_HAVEGE_C
 #define MBEDTLS_TIMING_C
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 
 // Include common mbedtls configuration.
 #include "extmod/mbedtls/mbedtls_config_common.h"