diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md
index 0794aba29f..c6e9c74f72 100644
--- a/docs/3.0-migration-guide.md
+++ b/docs/3.0-migration-guide.md
@@ -217,25 +217,25 @@ of this option for details.
 
 ### Separated `MBEDTLS_SHA224_C` and `MBEDTLS_SHA256_C`
 
-This does not affect users who use the default `mbedtls_config.h`. MBEDTLS_SHA256_C
-was enabled by default. Now both MBEDTLS_SHA256_C and MBEDTLS_SHA224_C are
+This does not affect users who use the default `mbedtls_config.h`. `MBEDTLS_SHA256_C`
+was enabled by default. Now both `MBEDTLS_SHA256_C` and `MBEDTLS_SHA224_C` are
 enabled.
 
-If you were using custom config file with MBEDTLS_SHA256_C enabled, then
+If you were using custom config file with `MBEDTLS_SHA256_C` enabled, then
 you will need to add `#define MBEDTLS_SHA224_C` option to your config.
-Current version of the library does not support enabling MBEDTLS_SHA256_C
-without MBEDTLS_SHA224_C.
+Current version of the library does not support enabling `MBEDTLS_SHA256_C`
+without `MBEDTLS_SHA224_C`.
 
 ### Replaced `MBEDTLS_SHA512_NO_SHA384` with `MBEDTLS_SHA384_C`
 
 This does not affect users who use the default `mbedtls_config.h`.
-MBEDTLS_SHA512_NO_SHA384 was disabled by default, now MBEDTLS_SHA384_C is
+`MBEDTLS_SHA512_NO_SHA384` was disabled by default, now `MBEDTLS_SHA384_C` is
 enabled by default.
 
-If you were using a config file with both MBEDTLS_SHA512_C and
-MBEDTLS_SHA512_NO_SHA384, then just remove the MBEDTLS_SHA512_NO_SHA384.
-If you were using a config file with MBEDTLS_SHA512_C and without
-MBEDTLS_SHA512_NO_SHA384 and you need the SHA-384 algorithm, then add
+If you were using a config file with both `MBEDTLS_SHA512_C` and
+MBEDTLS_SHA512_NO_SHA384, then just remove the `MBEDTLS_SHA512_NO_SHA384`.
+If you were using a config file with `MBEDTLS_SHA512_C` and without
+`MBEDTLS_SHA512_NO_SHA384` and you need the SHA-384 algorithm, then add
 `#define MBEDTLS_SHA384_C` to your config file.
 
 ### GCM multipart interface: application changes
@@ -532,7 +532,7 @@ function.
 The API is changed to include the parameter `critical` which enables marking an
 extension included in a CSR as critical. To get the previous behavior pass 0.
 
-### Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+### Remove the config option `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION`
 
 This change does not affect users of the default configuration; it only affects
 users who enable this option.