image: TechCrunch

GitHub Enforces Stronger Encryption

February 23, 2018

GitHub this week permanently disabled a series of weak cryptographic standards across its software development platform in an attempt to better protect users.

As of Feb. 22, 2018, the TLSv1/TLSv1.1 standard is no longer used on HTTPS connections to GitHub. The change affects all web, API, and git connections to and, Patrick Toomey, Application Security Engineer, GitHub, says.

The platform also retired the diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1 encryption standards, a move that affects all SSH connections to This change follows the enabling of the diffie-hellman-group-exchange-sha256 standard on GitHub in September 2017.

Read More on Security Week