Thanks for this - yes, this looks like a good thing to add. The only gotcha is ensuring it's not going to cause compilation problems for other targets before enabling as it could use more flash - but when I get a moment I'll check on that.

It seems you are significantly better versed in this than me: So are there any cipher suites that Espruino supports that are currently deprecated/unused and could be removed from the build?

Unfortunately I'm not an expert in cyber security, however I've found this article with some statistics about most used cipher suites:
https://scotthelme.co.uk/top-1-million-analysis-march-2020. It seems that the TLS_RSA suites are hardly used anymore.

Just a note on this:

MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED, MBEDTLS_DHM_C, MBEDTLS_GCM_C, and also added two lines:
libs/crypto/mbedtls/library/dhm.c
libs/crypto/mbedtls/library/gcm.c

I've checked here and for Espruino WiFi:

• before (just RSA) 341616
• as you suggested 347120
• as you suggested with RSA removed 346208

So it'd save about 1k taking the old one out. I'm just checking whether everything still builds ok, but if it does I think it makes sense to leave both in for now to avoid breaking stuff that might have worked previously.