Weak cryptographic standards deprecation update

September 21, 2017
ptoomey3

GitHub announced the deprecation, and eventual disablement, of our use of the below cryptographic standards in a prior post.

TLSv1/TLSv1.1 - This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.
diffie-hellman-group1-sha1 - This applies to all SSH connections to github.com.
diffie-hellman-group14-sha1 - This applies to all SSH connections to github.com.

Since publication, we have enabled diffie-hellman-group-exchange-sha256, which will allow the majority of SSH clients to seamlessly transition away from the deprecated algorithms. As noted in the original announcement, we plan to disable TLSv1/TLSv1.1, diffie-hellman-group1-sha1, and diffie-hellman-group14-sha1 on February 1, 2018.

For full details on the deprecation update, please see our GitHub Engineering blog post.

As always, if you have any questions, please get in touch.

This content may be out of date. For the newest content, see the API posts on the GitHub Blog.

All of GitHub's Docs are now in one place! You can see Apps, REST API, and GraphQL API on GitHub Docs.