diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 3c5a28407..5d3cdb58f 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2644,7 +2644,6 @@
  * \def MBEDTLS_MD_C
  *
  * Enable the generic layer for message digest (hashing) and HMAC.
- * This will automatically enable #MBEDTLS_MD_LIGHT
  *
  * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
  *                   MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
@@ -2673,25 +2672,6 @@
  */
 #define MBEDTLS_MD_C
 
-/**
- * \def MBEDTLS_MD_LIGHT
- *
- * Enable the "light" subset of #MBEDTLS_MD_C: just hashing and basic
- * meta-data (see md.h for details).
- *
- * This is automatically enabled whenever #MBEDTLS_MD_C is enabled, but it is
- * possible to enable this without #MBEDTLS_MD_C if support for HMAC or extra
- * metadata functions is not needed.
- *
- * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
- *                   MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
- *                   MBEDTLS_SHA512_C.
- * Module:  library/md.c
- *
- * Uncomment to enabled the "light" subsect of MD.
- */
-#define MBEDTLS_MD_LIGHT
-
 /**
  * \def MBEDTLS_MD5_C
  *
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 8c77ea0c0..3341d1cc0 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -4,16 +4,6 @@
  * \brief   This file contains the generic functions for message-digest
  *          (hashing) and HMAC.
  *
- *          Availability of functions in this module is controlled by two
- *          feature macros:
- *          - #MBEDTLS_MD_C enables the whole module;
- *          - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
- *          most hash metadata (everything except string names); is it
- *          automatically set whenever #MBEDTLS_MD_C is defined.
- *
- *          The functions that are only available when #MBEDTLS_MD_C is defined
- *          are grouped at the end of the file and guarded by this macro.
- *
  * \author Adriaan de Jong <dejong@fox-it.com>
  */
 /*
@@ -300,12 +290,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL
 int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
                unsigned char *output);
 
-/************************************************************************
- * Functions below this separator are not part of MBEDTLS_MD_LIGHT      *
- * and require MBEDTLS_MD_C                                             *
- ************************************************************************/
-
-#if defined(MBEDTLS_MD_C)
 /**
  * \brief           This function returns the list of digests supported by the
  *                  generic digest module.
@@ -487,7 +471,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL
 int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
                     const unsigned char *input, size_t ilen,
                     unsigned char *output);
-#endif /* MBEDTLS_MD_C */
 
 #ifdef __cplusplus
 }
diff --git a/library/md.c b/library/md.c
index 8aecd39f0..c1cf67460 100644
--- a/library/md.c
+++ b/library/md.c
@@ -23,6 +23,20 @@
 
 #include "common.h"
 
+/*
+ * Availability of functions in this module is controlled by two
+ * feature macros:
+ * - MBEDTLS_MD_C enables the whole module;
+ * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
+ * most hash metadata (everything except string names); is it
+ * automatically set whenever MBEDTLS_MD_C is defined.
+ *
+ * In the future we may want to change the contract of some functions
+ * (behaviour with NULL arguments) depending on whether MD_C is defined or
+ * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary.
+ *
+ * For these reasons, we're keeping MD_LIGHT internal for now.
+ */
 #if defined(MBEDTLS_MD_LIGHT)
 
 #include "mbedtls/md.h"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ad5073574..0758282d6 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1231,11 +1231,11 @@ component_test_crypto_full_md_light_only () {
     # Disable indirect dependencies of MD
     scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
     # Enable "light" subset of MD
-    scripts/config.py set MBEDTLS_MD_LIGHT
-    make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+    make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_MD_LIGHT" LDFLAGS="$ASAN_CFLAGS"
 
-    # Make sure we don't have the HMAC functions
+    # Make sure we don't have the HMAC functions, but the hashing functions
     not grep mbedtls_md_hmac library/md.o
+    grep mbedtls_md library/md.o
 
     msg "test: crypto_full with only the light subset of MD"
     make test