Now SHA256 has been shown to be an adequate replacement for SHA1, use SHA256 for verifying all port downloads. Ref #2767
Issue #2528