Now SHA256 has been shown to be an adequate replacement for SHA1, use SHA256 for verifying all port downloads. Ref #2767
Fixes #2648