diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 677772126..495cd5ab3 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -34,30 +34,6 @@
 #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
 #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
-/*
- * ECB, CBC, XTS, KW modes require both ENCRYPT and DECRYPT directions.
- * MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is only enabled when those modes
- * are not requested via the PSA API and are not enabled in the legacy API.
- *
- * DES only supports ECB and CBC modes in Mbed TLS. As it's a deprecated and
- * insecure block cipher, MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled when DES
- * is not requested via the PSA API and is not enabled in the legacy API.
- *
- * Note: XTS, KW are not yet supported via the PSA API in Mbed TLS.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#if !defined(PSA_WANT_ALG_ECB_NO_PADDING) && \
- !defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
- !defined(PSA_WANT_ALG_CBC_PKCS7) && \
- !defined(PSA_WANT_KEY_TYPE_DES) && \
- !defined(MBEDTLS_CIPHER_MODE_CBC) && \
- !defined(MBEDTLS_CIPHER_MODE_XTS) && \
- !defined(MBEDTLS_DES_C) && \
- !defined(MBEDTLS_NIST_KW_C)
-#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 1
-#endif
-#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
-
 /* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
 * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
 */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index af0761395..3caea9cc5 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2383,6 +2383,25 @@
 */
 #define MBEDTLS_BASE64_C
+/**
+ * \def MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+ *
+ * Remove decryption operation for AES, ARIA and Camellia block cipher.
+ *
+ * \note This feature is incompatible with insecure block cipher,
+ * MBEDTLS_DES_C, and cipher modes which always require decryption
+ * operation, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS and
+ * MBEDTLS_NIST_KW_C.
+ *
+ * Module: library/aes.c
+ * library/aesce.c
+ * library/aesni.c
+ * library/aria.c
+ * library/camellia.c
+ * library/cipher.c
+ */
+//#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
+
 /**
 * \def MBEDTLS_BIGNUM_C
 *
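Review bot: The `\note` in the new MBEDTLS_BLOCK_CIPHER_NO_DECRYPT doc block lists only the legacy incompatibilities (MBEDTLS_DES_C, MBEDTLS_CIPHER_MODE_CBC, MBEDTLS_CIPHER_MODE_XTS, MBEDTLS_NIST_KW_C). The auto-enable condition this commit removes from config_adjust_legacy_crypto.h also excluded PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES, so the PSA side of the constraint is no longer written down anywhere. I would extend the note with a sentence such as ` * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, this option is also incompatible with PSA_WANT_ALG_ECB_NO_PADDING, PSA_WANT_ALG_CBC_NO_PADDING, PSA_WANT_ALG_CBC_PKCS7 and PSA_WANT_KEY_TYPE_DES.` Because the option is now set by hand rather than derived, these combinations also need a compile-time guard. No `#error` for them is visible in this diff, so please confirm one exists elsewhere; otherwise a conflicting configuration would build instead of failing, with the decryption operation removed for modes that need it.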