Insecure and weak SSH algorithms disabled for Git service
Change effective on 17 October 2017
We strengthened the SSH transport for our Git service by disabling the following algorithms:
- Key exchange algorithms
- “diffie-hellman-group14-sha1”
- “diffie-hellman-group1-sha1”
- Encryption algorithms
- “arcfour256”
- “arcfour128”
- Mac algorithms:
- “hmac-sha1”
- “hmac-sha1-96”
If you’re using one of these algorithms, you should expect to see the following error:
$ git push heroku master
Unable to negotiate a key exchange method
You’ll need to upgrade your SSH client or change to HTTP transport to ensure secure transfer.