diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile
index 99d6330b6..7ce48f0dc 100644
--- a/package/libs/mbedtls/Makefile
+++ b/package/libs/mbedtls/Makefile
@@ -16,7 +16,6 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
 PKG_HASH:=6797a7b6483ef589deeab8d33d401ed235d7be25eeecda1be8ddfed406d40ff4
 
-PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=gpl-2.0.txt
 PKG_CPE_ID:=cpe:/a:arm:mbed_tls
@@ -46,6 +45,7 @@ $(call Package/mbedtls/Default)
   CATEGORY:=Libraries
   SUBMENU:=SSL
   TITLE+= (library)
+  PKGFLAGS:=nonshared
   ABI_VERSION:=12
 endef
 
@@ -67,13 +67,11 @@ config LIBMBEDTLS_HAVE_ARMV8CE_AES
 	bool
 	default y
 	prompt "Enable use of the ARMv8 Crypto Extensions"
-	depends on aarch64 && !TARGET_bcm27xx && !TARGET_bcm4908
+	depends on aarch64 && !TARGET_bcm27xx
 	help
 	 Use of the ARMv8 Crypto Extensions greatly increase performance
 	 (up to 4x faster on AES-GCM while 10x faster on raw AES).
 
-	 Related instructions should be included in all modern Aarch64
-	 devices, except some wastes like Broadcom.
 	 If you don't sure, say Y here.
 
 config LIBMBEDTLS_HAVE_SSE2
@@ -118,8 +116,6 @@ This package contains mbedtls helper programs for private key and
 CSR generation (gen_key, cert_req)
 endef
 
-PKG_INSTALL:=1
-
 TARGET_CFLAGS += -ffunction-sections -fdata-sections
 TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS))
 ifneq ($(CONFIG_LIBMBEDTLS_HAVE_ARMV8CE_AES),)
@@ -175,4 +171,4 @@ define Package/mbedtls-util/install
 endef
 
 $(eval $(call BuildPackage,libmbedtls))
-$(eval $(call BuildPackage,mbedtls-util))
+$(eval $(call BuildPackage,mbedtls-util))
\ No newline at end of file
diff --git a/package/libs/mbedtls/patches/100-Implements-with-ARMv8-CE.patch b/package/libs/mbedtls/patches/100-Implements-with-ARMv8-CE.patch
index 4205fe77a..d4900724a 100644
--- a/package/libs/mbedtls/patches/100-Implements-with-ARMv8-CE.patch
+++ b/package/libs/mbedtls/patches/100-Implements-with-ARMv8-CE.patch
@@ -27,12 +27,12 @@ QEMU seems to also need
 Then run normal make or cmake etc.
 ---
 
---- a/ChangeLog.d/armv8_crypto_extensions.txt
+--- /dev/null
 +++ b/ChangeLog.d/armv8_crypto_extensions.txt
 @@ -0,0 +1,2 @@
 +Features
 +    * Support ARMv8 Cryptography Extensions for AES and GCM.
---- a/include/mbedtls/armv8ce_aes.h
+--- /dev/null
 +++ b/include/mbedtls/armv8ce_aes.h
 @@ -0,0 +1,63 @@
 +/**
@@ -100,7 +100,7 @@ Then run normal make or cmake etc.
 +#endif /* MBEDTLS_ARMV8CE_AES_H */
 --- a/include/mbedtls/check_config.h
 +++ b/include/mbedtls/check_config.h
-@@ -95,6 +95,10 @@
+@@ -72,6 +72,10 @@
  #error "MBEDTLS_AESNI_C defined, but not all prerequisites"
  #endif
  
@@ -111,14 +111,14 @@ Then run normal make or cmake etc.
  #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
  #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
  #endif
-@@ -772,3 +776,4 @@
+@@ -897,3 +901,4 @@
  typedef int mbedtls_iso_c_forbids_empty_translation_units;
  
  #endif /* MBEDTLS_CHECK_CONFIG_H */
 +
 --- a/include/mbedtls/config.h
 +++ b/include/mbedtls/config.h
-@@ -73,6 +73,7 @@
+@@ -46,6 +46,7 @@
   * Requires support for asm() in compiler.
   *
   * Used in:
@@ -126,7 +126,7 @@ Then run normal make or cmake etc.
   *      library/aria.c
   *      library/timing.c
   *      include/mbedtls/bn_mul.h
-@@ -1888,6 +1889,21 @@
+@@ -2313,6 +2314,21 @@
  #define MBEDTLS_AESNI_C
  
  /**
@@ -150,7 +150,7 @@ Then run normal make or cmake etc.
   * Enable the AES block cipher.
 --- a/library/aes.c
 +++ b/library/aes.c
-@@ -69,7 +69,9 @@
+@@ -39,7 +39,9 @@
  #if defined(MBEDTLS_AESNI_C)
  #include "mbedtls/aesni.h"
  #endif
@@ -161,7 +161,7 @@ Then run normal make or cmake etc.
  #if defined(MBEDTLS_SELF_TEST)
  #if defined(MBEDTLS_PLATFORM_C)
  #include "mbedtls/platform.h"
-@@ -1052,6 +1054,11 @@
+@@ -999,6 +1001,11 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_c
          return( mbedtls_aesni_crypt_ecb( ctx, mode, input, output ) );
  #endif
  
@@ -173,7 +173,7 @@ Then run normal make or cmake etc.
  #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
      if( aes_padlock_ace )
      {
---- a/library/armv8ce_aes.c
+--- /dev/null
 +++ b/library/armv8ce_aes.c
 @@ -0,0 +1,142 @@
 +/*
@@ -320,7 +320,7 @@ Then run normal make or cmake etc.
 +#endif /* MBEDTLS_ARMV8CE_AES_C */
 --- a/library/CMakeLists.txt
 +++ b/library/CMakeLists.txt
-@@ -7,6 +7,7 @@
+@@ -15,6 +15,7 @@ set(src_crypto
      aesni.c
      arc4.c
      aria.c
@@ -330,7 +330,7 @@ Then run normal make or cmake etc.
      base64.c
 --- a/library/gcm.c
 +++ b/library/gcm.c
-@@ -71,6 +71,10 @@
+@@ -41,6 +41,10 @@
  #include "mbedtls/aesni.h"
  #endif
  
@@ -341,7 +341,7 @@ Then run normal make or cmake etc.
  #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
  #include "mbedtls/aes.h"
  #include "mbedtls/platform.h"
-@@ -140,6 +144,12 @@
+@@ -87,6 +91,12 @@ static int gcm_gen_table( mbedtls_gcm_co
      if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
          return( ret );
  
@@ -352,9 +352,9 @@ Then run normal make or cmake etc.
 +#endif
 +
      /* pack h as two 64-bits ints, big-endian */
-     GET_UINT32_BE( hi, h,  0  );
-     GET_UINT32_BE( lo, h,  4  );
-@@ -248,6 +258,11 @@
+     hi = MBEDTLS_GET_UINT32_BE( h,  0  );
+     lo = MBEDTLS_GET_UINT32_BE( h,  4  );
+@@ -196,6 +206,11 @@ static void gcm_mult( mbedtls_gcm_contex
      unsigned char lo, hi, rem;
      uint64_t zh, zl;
  
@@ -368,18 +368,17 @@ Then run normal make or cmake etc.
          unsigned char h[16];
 --- a/library/Makefile
 +++ b/library/Makefile
-@@ -72,6 +72,7 @@
- 	     aesni.o \
- 	     arc4.o \
+@@ -74,6 +74,7 @@ OBJS_CRYPTO= \
  	     aria.o \
-+	     armv8ce_aes.o \
  	     asn1parse.o \
  	     asn1write.o \
++	     armv8ce_aes.o \
  	     base64.o \
-
+ 	     bignum.o \
+ 	     blowfish.o \
 --- a/library/version_features.c
 +++ b/library/version_features.c
-@@ -583,6 +583,9 @@
+@@ -624,6 +624,9 @@ static const char * const features[] = {
  #if defined(MBEDTLS_AESNI_C)
      "MBEDTLS_AESNI_C",
  #endif /* MBEDTLS_AESNI_C */
diff --git a/package/libs/mbedtls/patches/100-fix-compile.patch b/package/libs/mbedtls/patches/101-fix-compile.patch
similarity index 100%
rename from package/libs/mbedtls/patches/100-fix-compile.patch
rename to package/libs/mbedtls/patches/101-fix-compile.patch
diff --git a/package/libs/mbedtls/patches/200-config.patch b/package/libs/mbedtls/patches/200-config.patch
index 54d4cf431..b4b3f0ab3 100644
--- a/package/libs/mbedtls/patches/200-config.patch
+++ b/package/libs/mbedtls/patches/200-config.patch
@@ -225,4 +225,3 @@
 +//#define MBEDTLS_XTEA_C
  
  /** \} name SECTION: mbed TLS modules */
-