Do the same than for MD5 but for SHA-1 because SHA-1 is no longer collision-resistant so not recommended for RSA. Note even HMAC does not rely on this property so for instance HMAC-MD5 is a priori safe this argument is not enough to make new implementations not support MD5. There is no reason the same will not happen with SHA-1, it just should take time (i.e. some years).