GitHub Engineering

Earlier this year, we announced the deprecation of several weak cryptographic standards. As noted during our initial announcement, the vast majority of HTTPS clients connect to GitHub using TLSv1.2 and won’t be affected by our disabling of TLSv1/TLSv1.1. Since the announcement, we have been focusing on the impact of disabling the diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1 key exchanges for SSH. As of last week, we have enabled diffie-hellman-group-exchange-sha256. This key exchange method is widely supported and will allow most legacy clients to seamlessly transition away from diffie-hellman-group1-sha1 and diffie-hellman-group14-sha1.

Since enabling diffie-hellman-group-exchange-sha256, we have seen some traffic automatically transition and start using the new key exchange algorithm. However, we still see a small percentage of traffic continue to use the older key exchange algorithms. This occurs for two reasons:

  • The client prefers the older algorithms.
  • The client doesn’t support the newer algorithm.

The most common reason a client might prefer an older algorithm is because it is an older client, and support for a more modern algorithm was new and not yet made the default. The majority of traffic currently preferring the older algorithms does support diffie-hellman-group-exchange-sha256 and will transition to using it when we disable the older algorithms. The remaining traffic are clients that don’t support the newer key exchange algorithm and will be unable to connect to GitHub when we disable support for the older algorithms. This is a very small percentage of traffic, but we would like to see if we can reduce the incompatible traffic percentage even further before disabling support for the older key exchange algorithms on February 1, 2018.

We performed a deeper analysis of the “banner” sent to us from incompatible clients during connection setup and found the vast majority of the traffic is from various older versions of a popular Java library that implements the SSH protocol. Our logs show that JSch started supporting diffie-hellman-group-exchange-sha256 in version 0.1.51 (released in 2014), but there are clients using older releases of the library. We are continuing to analyze our log data to try to identify projects that are using older versions of JSch, or any other incompatible library, so we can reach out to them directly.

Conclusion

As noted in the original announcement, we plan to disable TLSv1/TLSv1.1, diffie-hellman-group1-sha1, and diffie-hellman-group14-sha1 on February 1, 2018. Given that support for diffie-hellman-group-exchange-sha256 is deployed, this provides approximately five months for us (and external developers) to identify projects that are using outdated libraries, such as JSch, and upgrade to a more recent release. As always, if you have any questions or concerns related to this announcement, please don’t hesitate to contact us.

ptoomey3

Application Security Engineer

Keeping an eye on our network GitHub Debug