Weak cryptographic standards removal notice

February 1, 2018
ptoomey3

Last year we announced the deprecation of several weak cryptographic standards. Then we provided a status update toward the end of last year outlining some changes we'd made to make the transition easier for clients. We quickly approached the February 1, 2018 cutoff date we mentioned in previous posts and, as a result, pushed back our schedule by one week. On February 8, 2018 we'll start disabling the following:

TLSv1/TLSv1.1: This applies to all HTTPS connections, including web, API, and git connections to https://github.com and https://api.github.com.
diffie-hellman-group1-sha1: This applies to all SSH connections to github.com
diffie-hellman-group14-sha1: This applies to all SSH connections to github.com

We'll disable the algorithms in two stages:

February 8, 2018 19:00 UTC (11:00 am PST): Disable deprecated algorithms for one hour
February 22, 2018 19:00 UTC (11:00 am PST): Permanently disable deprecated algorithms

For more details, head to the Engineering Blog.

This content may be out of date. For the newest content, see the API posts on the GitHub Blog.

All of GitHub's Docs are now in one place! You can see Apps, REST API, and GraphQL API on GitHub Docs.

Weak cryptographic standards removal notice

Recent Posts

This content may be out of date. For the newest content, see the API posts on the GitHub Blog. All of GitHub's Docs are now in one place! You can see Apps, REST API, and GraphQL API on GitHub Docs.

Weak cryptographic standards removal notice

Recent Posts

This content may be out of date. For the newest content, see the API posts on the GitHub Blog.

All of GitHub's Docs are now in one place! You can see Apps, REST API, and GraphQL API on GitHub Docs.