diff --git a/javacli/build-android b/javacli/build-android
index 2fcfa404..0ea3a166 100755
--- a/javacli/build-android
+++ b/javacli/build-android
@@ -75,7 +75,7 @@ $GPP_CMD \
 -DASIO_STANDALONE \
 -DASIO_NO_DEPRECATED \
 -DHAVE_LZ4 \
- -DOPENVPN_USE_TLS_MD5 \
+ -DOPENVPN_ALLOW_INSECURE_CERTPROFILE \
 -DASIO_HAS_STD_STRING_VIEW \
 -I$O3/core/client \
 -I$O3/core \
diff --git a/openvpn/mbedtls/ssl/sslctx.hpp b/openvpn/mbedtls/ssl/sslctx.hpp
index 044dd913..fcc854f8 100644
--- a/openvpn/mbedtls/ssl/sslctx.hpp
+++ b/openvpn/mbedtls/ssl/sslctx.hpp
@@ -138,7 +138,7 @@ namespace openvpn {
 * X509 cert profiles.
 */
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 // This profile includes the broken MD5 alrogithm.
 // We are going to ship support for this algorithm for a limited
 // amount of time to allow our users to switch to something else
@@ -598,7 +598,7 @@ namespace openvpn {
 {
 switch (TLSCertProfile::default_if_undef(tls_cert_profile))
 {
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 case TLSCertProfile::INSECURE:
 return &mbedtls_ctx_private::crt_profile_insecure;
 #endif
diff --git a/openvpn/openssl/ssl/sslctx.hpp b/openvpn/openssl/ssl/sslctx.hpp
index 90e30d9e..a9c91860 100644
--- a/openvpn/openssl/ssl/sslctx.hpp
+++ b/openvpn/openssl/ssl/sslctx.hpp
@@ -1314,7 +1314,7 @@ namespace openvpn {
 OPENVPN_THROW(ssl_context_error, "OpenSSLContext: undefined tls-cert-profile");
 break;
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 case TLSCertProfile::INSECURE:
 SSL_CTX_set_security_level(ctx, 0);
 break;
diff --git a/openvpn/ssl/tls_cert_profile.hpp b/openvpn/ssl/tls_cert_profile.hpp
index 0cc11a1c..7e28e007 100644
--- a/openvpn/ssl/tls_cert_profile.hpp
+++ b/openvpn/ssl/tls_cert_profile.hpp
@@ -34,7 +34,7 @@ namespace openvpn {
 namespace TLSCertProfile {
 enum Type {
 UNDEF=0,
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 INSECURE,
 #endif
 LEGACY,
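Review bot: The Android build still compiles the insecure certificate profile in unconditionally, because `-DOPENVPN_ALLOW_INSECURE_CERTPROFILE` sits in the fixed flag list of the `$GPP_CMD` invocation. The new name makes that visible, but the script states neither a reason nor a removal plan, while the comment in `openvpn/mbedtls/ssl/sslctx.hpp` says the support ships only "for a limited amount of time". I would add a comment above the `$GPP_CMD` invocation, `# TEMPORARY: keeps tls-cert-profile "insecure" (MD5-signed certs) available; remove once profiles are migrated`, or make the flag opt-in through an environment variable. The flag list starts and ends outside the hunk.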
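Review bot: `SSL_CTX_set_security_level(ctx, 0)` in the `INSECURE` case of `openvpn/openssl/ssl/sslctx.hpp` lifts every OpenSSL security-level restriction, not only the MD5 signature check; level 0 also stops enforcing minimum key sizes and cipher strength. The comment on the mbedTLS side describes the profile only as the one that includes MD5, so the two backends may not accept the same certificates under this setting (the mbedTLS profile definition is not visible here). Now that the macro is named after the profile rather than after MD5, this case deserves a comment such as `// level 0 = no OpenSSL security-level checks at all (key size, digest, cipher); broader than only allowing MD5`. The enclosing switch starts and ends outside the hunk.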
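Review bot: Nothing catches a build that still passes the old flag: after this rename `-DOPENVPN_USE_TLS_MD5` is silently ignored and `INSECURE` drops out of `enum Type` in `openvpn/ssl/tls_cert_profile.hpp`, so the change only surfaces at run time when an `insecure` profile is requested. Losing the profile is the safe direction, but integrators get a behaviour change with no diagnostic. A guard next to the enum would surface it at compile time: `#if defined(OPENVPN_USE_TLS_MD5) && !defined(OPENVPN_ALLOW_INSECURE_CERTPROFILE)` / `#error "OPENVPN_USE_TLS_MD5 was renamed to OPENVPN_ALLOW_INSECURE_CERTPROFILE"` / `#endif`. The enum continues past the end of the hunk.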
@@ -56,7 +56,7 @@ namespace openvpn {
 {
 case UNDEF:
 return "UNDEF";
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 case INSECURE:
 return "INSECURE";
 #endif
@@ -73,7 +73,7 @@ namespace openvpn {
 inline Type parse_tls_cert_profile(const std::string& profile_name)
 {
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 if (profile_name == "insecure")
 return INSECURE;
 else
@@ -108,7 +108,7 @@ namespace openvpn {
 const Type orig = type;
 if (override.empty() || override == "default")
 ;
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 else if (override == "insecure-default")
 {
 if (orig == UNDEF)
@@ -125,7 +125,7 @@ namespace openvpn {
 if (orig == UNDEF)
 type = PREFERRED;
 }
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 else if (override == "insecure")
 type = INSECURE;
 #endif
diff --git a/test/ovpncli/cli.cpp b/test/ovpncli/cli.cpp
index 8e3d23b1..f20d39be 100644
--- a/test/ovpncli/cli.cpp
+++ b/test/ovpncli/cli.cpp
@@ -1302,7 +1302,7 @@ int openvpn_client(int argc, char *argv[], const std::string* profile_content)
 std::cout << "--tvm-override, -M : tls-version-min override (disabled, default, tls_1_x)" << std::endl;
 std::cout << "--legacy-algorithms, -L: Enable legacy algorithm (OpenSSL legacy provider)" << std::endl;
 std::cout << "--tcprof-override, -X : tls-cert-profile override (" <<
-#ifdef OPENVPN_USE_TLS_MD5
+#ifdef OPENVPN_ALLOW_INSECURE_CERTPROFILE
 "insecure, " <<
 #endif
 "legacy, preferred, etc.)" << std::endl;
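Review bot: In the `@@ -125` hunk of `openvpn/ssl/tls_cert_profile.hpp`, `override == "insecure"` sets `type = INSECURE` without consulting `orig`, whereas the `insecure-default` branch in the `@@ -108` hunk appears to apply only when `orig == UNDEF`. In a build with `OPENVPN_ALLOW_INSECURE_CERTPROFILE`, the override therefore replaces a stricter profile that the configuration set explicitly, and `test/ovpncli/cli.cpp` exposes it as `--tcprof-override`. If that is intended, the branch should say so, for example `// unconditional: downgrades even an explicitly configured profile; callers must not feed untrusted input here`. The function starts and ends outside both hunks.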