
Addressing post-quantum cryptography with CodeQL
Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.
Last year we announced the deprecation of several weak cryptographic standards. Then we provided a status update toward the end of last year outlining some changes we’d made to make the transition easier for clients. We quickly approached the February 1, 2018 cutoff date we mentioned in previous posts and, as a result, pushed back our schedule by one week. On February 8, 2018 we’ll start disabling the following:
TLSv1
/TLSv1.1
: This applies to all HTTPS connections, including web, API, and git connections to https://github.com and https://api.github.com.diffie-hellman-group1-sha1
: This applies to all SSH connections to github.comdiffie-hellman-group14-sha1
: This applies to all SSH connections to github.comWe’ll disable the algorithms in two stages:
For more details, head to the Engineering Blog.