https://download.electrum.org/Electrum-2.1.1.tar.gz
https://download.electrum.org/Electrum-2.1.1.tar.gz.asc
Checking site with ssllabs:
https://www.ssllabs.com/ssltest/analyze.html?d=electrum.org
The site scores 80/100 on Key Exchange. Is the below 'WEAK' entries antyhing at all to be concerned about?
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK 256
The only handshake simulation which had a match was:
But that's an old OpenSSL version.
Further, I found ThomasV's pubkey here:
https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x2BD5824B7F9470E6
But as you can see, those are different, why?