Weak cryptographic standards deprecation update

GitHub announced the deprecation, and eventual disablement, of our use of the below cryptographic standards in a prior post.

  • TLSv1/TLSv1.1 - This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com.
  • diffie-hellman-group1-sha1 - This applies to all SSH connections to github.com.
  • diffie-hellman-group14-sha1 - This applies to all SSH connections to github.com.

Since publication, we have enabled diffie-hellman-group-exchange-sha256, which will allow the majority of SSH clients to seamlessly transition away from the deprecated algorithms. As noted in the original announcement, we plan to disable TLSv1/TLSv1.1, diffie-hellman-group1-sha1, and diffie-hellman-group14-sha1 on February 1, 2018.

For full details on the deprecation update, please see our GitHub Engineering blog post.

As always, if you have any questions, please get in touch.