Do Son GitHub announced on the GitHub engineering blog that they will stop supporting the weak encryption standard.
Encryption standards are constantly evolving like the standard game for cats and mice in the world of security – as new attacks emerge, old standards can no longer be dealt with and communities are encouraged to develop new and stronger standards instead of them.
In the past few years, there have been a lot of incidents in the industry about cryptographic attacks, including but not limited to attacks such as POODLE and Logjam. Although there are ways to deal with these attacks, all of these show that several widely deployed encryption standards have entered the “heroic” phase and it is time to retire. As a result, GitHub announced last year that they want to deprecate and eventually disable the encryption standard:
TLSv1/TLSv1.1– This applies to all HTTPS connections, including web, API, and git connections to https://github.com and https://api.github.com.diffie-hellman-group1-sha1– This applies to all SSH connections to github.com.diffie-hellman-group14-sha1– This applies to all SSH connections to github.com.
At the time, GitHub said all of these standards will be discontinued on February 1, 2018 – today.
To minimize the number of users affected by this change, GitHub did the following before disabling support:
- Post quarterly updates to the GitHub engineering and GitHub developer blogs to remind people of the deprecation and encourage them to prepare for the change.
- Reach out to popular projects that we know to be currently incompatible with these changes.
- Update our own SSH implementation to add support for
diffie-hellman-group-exchange-sha256, as this will minimize the number of SSH clients affected.
Developers and users who want to see this news are able to upgrade their operating system, library, or client software to be compatible with these changes.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
