Last year github made a very notable posted on Weak cryptographic standards deprecation update:
Since the announcement, we have been focusing on the impact of disabling the
diffie-hellman-group1-sha1
anddiffie-hellman-group14-sha1
key exchanges for SSH. As of last week, we have enableddiffie-hellman-group-exchange-sha256
. This key exchange method is widely supported and will allow most legacy clients to seamlessly transition away fromdiffie-hellman-group1-sha1
anddiffie-hellman-group14-sha1
.
from their Weak cryptographic standards deprecation update, and they promised in their own words that by February 1, 2018, they will “reduce the incompatible traffic percentage even further before disabling support for the older key exchange algorithms”.
They successfully fulfilled their promise, and made some very import upgrade in their deprecated algorithms that might have probably lead to security leaks, they went further and said:
“While only a small fraction of traffic currently makes use of the deprecated algorithms, and many clients will automatically transition and start using the new algorithms, there is invariably going to be a small fraction of clients that will be impacted. We expect most of these are older systems that are no longer maintained, but continue to access Git/the GitHub API using the deprecated algorithms. To help mitigate this, we will temporarily disable support for the deprecated algorithms for one hour on February 8, 2018 19::00 UTC. By disabling support for the deprecated algorithms for a small window, these systems will temporarily fail to connect to GitHub. We will then restore support for the deprecated algorithms and provide a two week grace period for these systems to upgrade their libraries before we disable support for the deprecated algorithms permanently on February 22, 2018.”
from their Weak cryptographic standards removal notice, and they prepared a very nice piece of algorithms in their system.
These turns out to be a very cool stuff, but some users claimed not having any idea about the new update, trust me, the new update is all for our good, so please do yourself more good by reading more about the Weak cryptographic standards removal notice on their GitHub Engineering blog.