diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig
index 58b73e09b5..5f168e4762 100644
--- a/components/mbedtls/Kconfig
+++ b/components/mbedtls/Kconfig
@@ -1029,16 +1029,4 @@ menu "mbedTLS"
 then the ESP will be unable to process keys greater than SOC_RSA_MAX_BIT_LEN.
- menuconfig MBEDTLS_SECURITY_RISKS
- bool "Show configurations with potential security risks"
- default n
-
- config MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
- bool "X.509 CRT parsing with unsupported critical extensions"
- depends on MBEDTLS_SECURITY_RISKS
- default n
- help
- Allow the X.509 certificate parser to load certificates
- with unsupported critical extensions
-
 endmenu # mbedTLS
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index dcd06b485e..7e5f307678 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -2737,25 +2737,6 @@
 */
 #define MBEDTLS_X509_CRT_WRITE_C
-/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * Alow the X509 parser to not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * Module: library/x509_crt.c
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * This module is supports loading of certificates with extensions that
- * may not be supported by mbedtls.
- */
-#ifdef CONFIG_MBEDTLS_ALLOW_UNSUPPORTED_CRITICAL_EXT
-#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#else
-#undef MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-#endif
-
 /**
 * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 *