diff --git a/components/ssl/Kconfig b/components/ssl/Kconfig
index 161c5ca4..9e674fe3 100644
--- a/components/ssl/Kconfig
+++ b/components/ssl/Kconfig
@@ -39,6 +39,25 @@ config MBEDTLS_SSL_MAX_CONTENT_LEN
 handshake or a return value of MBEDTLS_ERR_SSL_INVALID_RECORD (-0x7200).
+choice MBEDTLS_RSA_BITLEN_MIN
+ prompt "RSA minimum bit length"
+ default MBEDTLS_RSA_BITLEN_2048
+ help
+ mbedTLS's minimum bit length is 2048, but some customers's key RSA bits is 1024.
+
+ With the option users can configurate the value to make mbedTLS support 1024 bits RSA key.
+
+config MBEDTLS_RSA_BITLEN_1024
+ bool "1024(not safe)"
+config MBEDTLS_RSA_BITLEN_2048
+ bool "2048"
+endchoice
+
+config MBEDTLS_RSA_BITLEN_MIN
+ int
+ default 1024 if MBEDTLS_RSA_BITLEN_1024
+ default 2048 if MBEDTLS_RSA_BITLEN_2048
+
 config MBEDTLS_DEBUG
 bool "Enable mbedTLS debugging"
 default n
diff --git a/components/ssl/mbedtls/mbedtls/library/x509_crt.c b/components/ssl/mbedtls/mbedtls/library/x509_crt.c
index daa31636..c869e8d3 100644
--- a/components/ssl/mbedtls/mbedtls/library/x509_crt.c
+++ b/components/ssl/mbedtls/mbedtls/library/x509_crt.c
@@ -96,7 +96,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
 MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
 0xFFFFFFF, /* Any PK alg */
 0xFFFFFFF, /* Any curve */
- 2048,
+ MBEDTLS_RSA_BITLEN_MIN,
 };
 /*
@@ -121,7 +121,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
 #else
 0,
 #endif
- 2048,
+ MBEDTLS_RSA_BITLEN_MIN,
 };
 /*
@@ -185,6 +185,9 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
 if( mbedtls_pk_get_bitlen( pk ) >= profile->rsa_min_bitlen )
 return( 0 );
+ MBEDTLS_DEBUGF("ERROR: Certification RSA bit length is %d and should be >= %d",
+ mbedtls_pk_get_bitlen(pk), MBEDTLS_RSA_BITLEN_MIN);
+
 return( -1 );
 }
 #endif
diff --git a/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h b/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h
index cf21710e..64b8efa9 100644
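Review bot: The help text of choice MBEDTLS_RSA_BITLEN_MIN explains the customer motivation but not which check the option relaxes or who is affected, and it is ungrammatical ("some customers's key RSA bits is 1024", "configurate"). I would replace the two help paragraphs with `Minimum RSA key size, in bits, that the default X.509 verification profile accepts in peer certificates; mbedTLS ships with 2048. Selecting 1024 makes verification accept 1024-bit RSA certificates, which are considered weak, so choose it only for legacy peers that cannot be re-keyed.` The "1024(not safe)" entry would benefit from the same consequence stated in its own help line, since that is the text a user sees when picking it.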
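Review bot: `mbedtls_x509_crt_profile_next` in the second x509_crt.c hunk (@@ -121) is the stricter forward-looking profile, and tying its `rsa_min_bitlen` to the same `MBEDTLS_RSA_BITLEN_MIN` as the default profile (@@ -96) means selecting the 1024 option weakens both; I would keep `2048,` in the `next` profile and make only the default profile configurable. Both hunks also make a library source file depend on a macro that is defined only in the ESP8266 port header, so building this x509_crt.c against any other config file fails with an undeclared identifier; a fallback near the top of the file, `#ifndef MBEDTLS_RSA_BITLEN_MIN` / `#define MBEDTLS_RSA_BITLEN_MIN 2048` / `#endif`, preserves upstream behaviour wherever the port does not define it. A short comment on the default profile's field, `/* rsa_min_bitlen: configurable via MBEDTLS_RSA_BITLEN_MIN, 2048 upstream */`, would tell the next reader why this line differs from upstream mbedTLS.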
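Review bot: The new MBEDTLS_DEBUGF call in x509_profile_check_key reports `MBEDTLS_RSA_BITLEN_MIN` as the threshold, but the comparison two lines above is against `profile->rsa_min_bitlen`, so the message is wrong for any caller that passes its own profile (the `next` profile is one such caller once it keeps a different value), and `%d` is paired with the `size_t` returned by mbedtls_pk_get_bitlen, which is a format/argument mismatch. I would write `MBEDTLS_DEBUGF("ERROR: certificate RSA key is %u bits, profile requires >= %u",` / `(unsigned) mbedtls_pk_get_bitlen( pk ), (unsigned) profile->rsa_min_bitlen );`, which also avoids the second call to mbedtls_pk_get_bitlen being the only one without a cast. The macro itself is supplied only by the ESP8266 port config, so this library file no longer compiles against other configs unless they provide it as well. x509_profile_check_key begins before the hunk.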
--- a/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h
+++ b/components/ssl/mbedtls/port/esp8266/include/mbedtls/esp_config.h
@@ -2967,6 +2967,14 @@
 #include MBEDTLS_USER_CONFIG_FILE
 #endif
+#ifdef CONFIG_MBEDTLS_RSA_BITLEN_MIN
+#define MBEDTLS_RSA_BITLEN_MIN CONFIG_MBEDTLS_RSA_BITLEN_MIN
+#else
+#define MBEDTLS_RSA_BITLEN_MIN 2048
+#endif
+
+#define MBEDTLS_DEBUGF(_fmt, ...) printf(_fmt "\r\n", ##__VA_ARGS__)
+
 #include "mbedtls/check_config.h"
 #endif /* MBEDTLS_CONFIG_H */
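Review bot: `MBEDTLS_DEBUGF` is defined unconditionally as printf, so the error print added to x509_crt.c runs on every build regardless of the MBEDTLS_DEBUG Kconfig option visible in the first hunk, and it writes key-size details of every rejected peer certificate to the console of a production device. I would gate it on the debug option (presumably exported as CONFIG_MBEDTLS_DEBUG, by analogy with the CONFIG_MBEDTLS_RSA_BITLEN_MIN symbol this hunk already reads; confirm against the generated sdkconfig) with a no-op form that still swallows its arguments. The `MBEDTLS_RSA_BITLEN_MIN` block sits after the MBEDTLS_USER_CONFIG_FILE include but is not wrapped in `#ifndef`, so a user config that already defines the macro produces a redefinition; `##__VA_ARGS__` is a GNU extension, which is presumably acceptable for the GCC-based ESP8266 toolchain but deserves a comment.
```c
/* … unchanged: MBEDTLS_USER_CONFIG_FILE include … */

#ifndef MBEDTLS_RSA_BITLEN_MIN
#ifdef CONFIG_MBEDTLS_RSA_BITLEN_MIN
#define MBEDTLS_RSA_BITLEN_MIN CONFIG_MBEDTLS_RSA_BITLEN_MIN
#else
#define MBEDTLS_RSA_BITLEN_MIN 2048
#endif
#endif

/* Library-side diagnostics only when debugging is enabled in Kconfig;
 * the no-op form keeps the argument list so callers compile unchanged. */
#ifdef CONFIG_MBEDTLS_DEBUG
#define MBEDTLS_DEBUGF(_fmt, ...) printf(_fmt "\r\n", ##__VA_ARGS__)
#else
#define MBEDTLS_DEBUGF(_fmt, ...) do { } while (0)
#endif

/* … unchanged: check_config.h include … */
```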