diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 681e3a7197..17a1e5a50b 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -150,6 +150,12 @@ menu "mbedTLS"
             SHA hardware acceleration is faster than software in some situations but
             slower in others. You should benchmark to find the best setting for you.
 
+    config SHA1_IN_CERTIFICATES
+        bool "Enable SHA1 in certificates"
+        default n
+        help
+            This option enables sha1 to encryption certificates
+
     config MBEDTLS_HAVE_TIME
         bool "Enable mbedtls time"
         depends on !ESP32_TIME_SYSCALL_USE_NONE
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 85f2abe37d..97f72501f8 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -272,6 +272,15 @@
 #define MBEDTLS_MPI_MUL_MPI_ALT
 #endif
 
+/* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES to enable SHA1 support
+   to certificates.
+*/
+#ifdef CONFIG_SHA1_IN_CERTIFICATES
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+#else
+#undef MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+#endif
+
 /**
  * \def MBEDTLS_MD2_PROCESS_ALT
  *