https://download.electrum.org/Electrum-2.1.1.tar.gz
https://download.electrum.org/Electrum-2.1.1.tar.gz.asc
Checking site with ssllabs:
https://www.ssllabs.com/ssltest/analyze.html?d=electrum.org
The site scores 80/100 on Key Exchange. Is the below 'WEAK' entries antyhing at all to be concerned about?
Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH 256 bits (eq. 3072 bits RSA) FS 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 128, Ys: 128) FS WEAK 256
The only handshake simulation which had a match was:
OpenSSL 0.9.8y TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) FS 256
But that's an old OpenSSL version.
Further, I found ThomasV's pubkey here:
https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0x2BD5824B7F9470E6
But as you can see, those are different, why?