Posted on 2017-04-15
Reliable defences work on multiple levels. The latest release of the Nimbus JOSE + JWT library adds an extra protection against invalid curve attacks by preventing construction and parsing of public EC JSON Web Keys whose public coordinates don’t fit the specified curve. With that the number of checks is increased to three:
- First level: Preventing parsing and construction of EC JWK instances with invalid curve.
- Second level: A curve check is performed prior to ECDH-ES decryption or ECDSA signature validation.
- Third level: Curve check performed by the underlying JCA provider, where available (the default SUN provider after v 1.8.0_51, BouncyCastle).
The invalid curve attack targets ECDH-ES encryption, with the aim to recover the private EC key.
version 4.36 (2017-04-13)
- Adds a check at ECKey construction time to ensure the public ‘x’ and ‘y’ coordinates are on the specified curve (iss #217).
- Adds a check at ECDSAVerifier construction time to ensure the public key is on the specified curve (iss #217).
- Adds a new ECDSAProvider.supportedECDSAAlgorithm() method that returns the name of the supported ECDSA algorithm (ES256, ES384 or ES512).
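The first two levels above amount to the same test: before an EC public key is accepted (at JWK parse time) or used (before ECDH-ES key agreement or ECDSA verification), confirm that its affine coordinates actually satisfy the curve equation. The following is an added Python example written for this page, not code from the Nimbus JOSE+JWT library; it implements that check for P-256 with plain integer arithmetic (the same function covers P-384 and P-521 once their parameters are added), parses a JWK the way RFC 7518 lays out `x` and `y`, and applies the check to the `epk` header an ECDH-ES decrypter would otherwise feed into key agreement. The JWKs it builds are constructed test data from the P-256 base point, not real keys; `parse_ec_public_jwk`, `check_ecdh_es_header` and the other names are this example's own.

```python
import base64

# NIST P-256 (secp256r1) domain parameters: y^2 = x^3 + a*x + b (mod p).
# Constants from FIPS 186-4 / SEC 2. P-384 and P-521 use the same check with
# their own p, b and coordinate length.
P256 = {
    "crv": "P-256",
    "p": 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
    "a": -3,
    "b": 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
    "coord_len": 32,  # octet length of each coordinate (RFC 7518 section 6.2.1.2)
}
CURVES = {P256["crv"]: P256}

# Base point G of P-256, used here only to build a known-good constructed JWK.
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def b64url_decode(s: str) -> bytes:
    """Decode unpadded base64url as used by JWK / JOSE."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def is_on_curve(curve: dict, x: int, y: int) -> bool:
    """Core of levels one and two: (x, y) must be a field point satisfying the equation."""
    p = curve["p"]
    if not (0 <= x < p and 0 <= y < p):
        return False
    return (y * y - (x * x * x + curve["a"] * x + curve["b"])) % p == 0


def parse_ec_public_jwk(jwk: dict) -> tuple:
    """Level one: parse an EC public JWK, refusing any key whose point is off-curve.

    Raises ValueError for a malformed or off-curve key; returns (curve, x, y).
    """
    if jwk.get("kty") != "EC":
        raise ValueError("not an EC JWK")
    curve = CURVES.get(jwk.get("crv"))
    if curve is None:
        raise ValueError("unsupported or missing crv")
    xb, yb = b64url_decode(jwk["x"]), b64url_decode(jwk["y"])
    if len(xb) != curve["coord_len"] or len(yb) != curve["coord_len"]:
        raise ValueError("coordinate length does not match curve")
    x, y = int.from_bytes(xb, "big"), int.from_bytes(yb, "big")
    if not is_on_curve(curve, x, y):
        raise ValueError("public point is not on curve %s" % curve["crv"])
    return curve, x, y


def ec_jwk_is_valid(jwk: dict) -> bool:
    try:
        parse_ec_public_jwk(jwk)
        return True
    except (ValueError, KeyError, TypeError):
        return False


def make_ec_jwk(crv: str, x: int, y: int) -> dict:
    """Build a public EC JWK dict from integer coordinates (constructed test data)."""
    n = CURVES[crv]["coord_len"]
    return {"kty": "EC", "crv": crv,
            "x": b64url_encode(x.to_bytes(n, "big")),
            "y": b64url_encode(y.to_bytes(n, "big"))}


def check_ecdh_es_header(header: dict, recipient_crv: str) -> bool:
    """Level two, decrypter side: before ECDH-ES key agreement, the ephemeral
    public key in the JWE 'epk' header must be on the recipient's own curve.
    Returns False when the header must be rejected; non-ECDH-ES headers pass."""
    if not str(header.get("alg", "")).startswith("ECDH-ES"):
        return True
    epk = header.get("epk")
    if not isinstance(epk, dict) or epk.get("crv") != recipient_crv:
        return False
    return ec_jwk_is_valid(epk)


if __name__ == "__main__":
    good = make_ec_jwk("P-256", P256_GX, P256_GY)
    bad = make_ec_jwk("P-256", P256_GX, (P256_GY + 1) % P256["p"])  # off-curve point
    print(ec_jwk_is_valid(good), ec_jwk_is_valid(bad))
    print(check_ecdh_es_header({"alg": "ECDH-ES", "enc": "A128GCM", "epk": bad}, "P-256"))
```

Note that `check_ecdh_es_header` also insists that `epk.crv` equals the recipient key's curve; a point that is valid on some other named curve is still the wrong input for this key agreement, and the coordinate-length test in `parse_ec_public_jwk` rejects keys that would otherwise be silently re-interpreted on a different field.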
Posted on 2017-04-12
This is a small maintenance release of the Connect2id server.
- Fixes client_secret provisioning for client_secret_jwt authentication with HS384 and HS512 at the token endpoint to ensure the client secret is of sufficient length for the HMAC algorithm.
- Upgrades several dependencies under the hood - the OAuth 2.0 / OpenID Connect SDK, Nimbus JOSE+JWT, the JDBC connector for MySQL databases and Log4j.
To download a ZIP package of Connect2id server 6.6.1:
As WAR package only:
Get in touch with Connect2id support to receive assistance.
- No changes
- No changes
- For client_secret provisioning for client_secret_jwt authentication with HS384 and HS512 at the token endpoint to ensure the client secret is of sufficient length for the HMAC algorithm (issue #272).
- Upgrades to com.nimbusds:oauth2-oidc-sdk:5.24.2
- Upgrades to com.nimbusds:nimbus-jose-jwt:4.35
- Upgrades to mysql:mysql-connector-java:5.1.41
- Upgrades to Log4j 2.8.2
Posted on 2017-04-10
Deprecates use of SHA-1
CWI and Google’s announcement of a practical technique for producing SHA-1 collisions served as a wake-up call to the industry to finally commit to phasing out the 22-year-old hash algorithm and move to the newer and more secure SHA-2 and SHA-3.
- Use of the x5t certificate SHA-1 thumbprint parameter in JWS and JWE headers is deprecated now, use x5t#S256 (SHA-256) instead.
- Use of the x5t certificate SHA-1 thumbprint parameter in JWK objects is also marked as deprecated, use x5t#S256 instead.
- The RSA-OAEP JWE algorithm that uses SHA-1 as the hash function is deprecated, use RSA-OAEP-256 instead.
Deprecates use of RSA encryption with PKCS#1v1.5 padding
RSA encryption with PKCS#1v1.5 padding was another long-time candidate for phasing out, due to its timing attack vulnerability. Its RSA1_5 JWE algorithm identifier is marked as deprecated now. Developers should consider using RSA-OAEP-256 or the ECDH-ES family of JWE algorithms.
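Deprecation in the library helps at compile time; a JOSE consumer still needs a runtime policy so that a header or JWK carrying one of these identifiers is refused rather than processed. The following added Python example (written for this page, not code from Nimbus JOSE+JWT or Connect2id) audits a JWS/JWE header or a JWK against exactly the deprecations listed above, computes the replacement `x5t#S256` thumbprint as base64url(SHA-256(DER certificate)), and cross-checks it against the first entry of an `x5c` chain. The DER bytes in the demonstration are a constructed placeholder, not a real certificate, and all function names are this example's own.

```python
import base64
import hashlib

# Identifiers deprecated in the notes above, with the replacement to recommend.
DEPRECATED_ALGS = {
    "RSA1_5": "RSA-OAEP-256",    # RSA with PKCS#1 v1.5 padding
    "RSA-OAEP": "RSA-OAEP-256",  # RSA-OAEP using SHA-1
}
DEPRECATED_PARAMS = {
    "x5t": "x5t#S256",           # SHA-1 certificate thumbprint
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def x5t_s256(cert_der: bytes) -> str:
    """The x5t#S256 value for a DER-encoded certificate (RFC 7515 section 4.1.8)."""
    return b64url_encode(hashlib.sha256(cert_der).digest())


def audit_jose_object(obj: dict) -> list:
    """Return a list of policy findings for a JWS/JWE header or a JWK.

    An empty list means nothing deprecated was found. Works for both object
    kinds because 'alg' and 'x5t' have the same meaning in headers and JWKs.
    """
    findings = []
    alg = obj.get("alg")
    if alg in DEPRECATED_ALGS:
        findings.append("alg %s is deprecated, use %s" % (alg, DEPRECATED_ALGS[alg]))
    for param, replacement in DEPRECATED_PARAMS.items():
        if param in obj:
            findings.append("%s is deprecated, use %s" % (param, replacement))
    return findings


def x5c_thumbprint_matches(obj: dict) -> bool:
    """If both x5c and x5t#S256 are present, the thumbprint must be that of the
    leaf (first) certificate. x5c entries are standard base64 of DER, not base64url.
    Returns True when there is nothing to compare."""
    chain = obj.get("x5c")
    claimed = obj.get("x5t#S256")
    if not chain or claimed is None:
        return True
    leaf_der = base64.b64decode(chain[0])
    return x5t_s256(leaf_der) == claimed


def enforce_policy(obj: dict) -> None:
    """Reject the object unless it is free of deprecated identifiers and consistent."""
    findings = audit_jose_object(obj)
    if not x5c_thumbprint_matches(obj):
        findings.append("x5t#S256 does not match the leaf certificate in x5c")
    if findings:
        raise ValueError("; ".join(findings))


if __name__ == "__main__":
    # Constructed placeholder DER (a SEQUENCE holding INTEGER 1), not a real certificate.
    fake_cert_der = bytes.fromhex("3003020101")
    weak_header = {"alg": "RSA1_5", "enc": "A128CBC-HS256", "x5t": "placeholder-sha1"}
    strong_header = {
        "alg": "RSA-OAEP-256", "enc": "A256GCM",
        "x5c": [base64.b64encode(fake_cert_der).decode("ascii")],
        "x5t#S256": x5t_s256(fake_cert_der),
    }
    print(audit_jose_object(weak_header))
    enforce_policy(strong_header)  # passes silently
```

Run the audit on every inbound header before any key lookup or decryption is attempted, and on every key in a published JWK set; the `x5c` cross-check catches a thumbprint that was migrated to SHA-256 in name only, with the old value left behind.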
version 4.35 (2017-04-09)
- Adds support for JWK x5t#S256 header parameter (iss #205).
- Deprecates use of RSA1_5 JWE algorithm as a security measure to encourage use of RSA-OAEP-256 (iss #215).
- Deprecates use of JWK x5t header parameter as part of a security measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
- Deprecates use of JWS and JWE x5t header parameter as part of a security measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
- Deprecates use of RSA-OAEP JWE algorithm as part of a security measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
- Upgrades the JSON Smart dependency to support the version range 1.3.1 to 2.3.
- Refines exception messages of DefaultJOSEProcessor and DefaultJWTProcessor.