Nimbus JOSE+JWT 4.35 deprecates use of SHA-1 and RSA encryption with PKCS1v1.5 padding
Deprecates use of SHA-1
CWI and Google’s announcement of a practical technique for producing SHA-1 collisions served as a wake-up call to the industry to finally commit to phasing out the 22-year-old hash algorithm and move to the newer and more secure SHA-2 and SHA-3.
Today’s 4.35 release of the Nimbus JOSE+JWT library encourages developers to do just that:
- Use of the x5t certificate SHA-1 thumbprint parameter in JWS and JWE headers is deprecated now, use x5t#S256 (SHA-256) instead.
- Use of the x5t certificate SHA-1 thumbprint parameter in JWK objects is also marked as deprecated, use x5t#S256 instead.
- The RSA-OAEP JWE algorithm that uses SHA-1 as the hash function is deprecated, use RSA-OAEP-256 instead.
Deprecates use of RSA encryption with PKCS#1v1.5 padding
RSA encryption with PKCS#1v1.5 padding was another long-time candidate for phasing out, due to its timing attack vulnerability. Its RSA1_5 JWE algorithm identifier is marked as deprecated now. Developers should consider using RSA-OAEP-256 or the ECDH-ES family of JWE algorithms.
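The following is an added example written for this post, not code from the Nimbus JOSE+JWT project itself. It shows the two recommendations above in working form: computing an x5t#S256 thumbprint (base64url of the SHA-256 digest of the certificate's DER encoding) and placing it in JWS and JWE headers instead of the deprecated x5t, and encrypting with RSA-OAEP-256 rather than RSA1_5 or RSA-OAEP. It also adds a consumer-side allow-list check so that a received JWE naming a deprecated key-management algorithm is rejected before any decryption is attempted. Assumptions: the certificate is read from a file path passed as the first program argument (a placeholder), and the RSA key pair is generated on the fly for demonstration rather than being the key actually certified by that certificate; the class name and the `ALLOWED_JWE_ALGS` set are this example's own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.util.Base64URL;

public class Sha256ThumbprintAndOaep256Example {

    // JWE key-management algorithms this consumer is willing to accept (example policy).
    // RSA1_5 and RSA-OAEP (SHA-1) are deliberately absent from the list.
    private static final Set<JWEAlgorithm> ALLOWED_JWE_ALGS = new HashSet<>(Arrays.asList(
            JWEAlgorithm.RSA_OAEP_256,
            JWEAlgorithm.ECDH_ES,
            JWEAlgorithm.ECDH_ES_A128KW,
            JWEAlgorithm.ECDH_ES_A256KW));

    /** x5t#S256 value: base64url(SHA-256(DER encoding of the certificate)). */
    public static Base64URL sha256Thumbprint(X509Certificate cert) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        return Base64URL.encode(sha256.digest(cert.getEncoded()));
    }

    /** Reject a received JWE whose header names an algorithm outside the allow-list. */
    public static void requireAllowedAlgorithm(JWEObject jwe) throws JOSEException {
        JWEAlgorithm alg = jwe.getHeader().getAlgorithm();
        if (!ALLOWED_JWE_ALGS.contains(alg)) {
            throw new JOSEException("Rejected JWE with deprecated or unsupported alg: " + alg);
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder input: path to an X.509 certificate (PEM or DER) given as args[0].
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        Base64URL x5tS256 = sha256Thumbprint(cert);

        // Throw-away RSA key pair for the demonstration; in practice use the certified key pair.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        RSAPrivateKey priv = (RSAPrivateKey) kp.getPrivate();

        // JWS: reference the signing certificate via x5t#S256 instead of the deprecated x5t.
        JWSHeader jwsHeader = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .x509CertSHA256Thumbprint(x5tS256)
                .build();
        JWSObject jws = new JWSObject(jwsHeader, new Payload("signed payload"));
        jws.sign(new RSASSASigner(priv));
        System.out.println("JWS header: " + jws.getHeader().toJSONObject());

        // JWE: RSA-OAEP-256 key management instead of RSA1_5 or RSA-OAEP (SHA-1).
        JWEHeader jweHeader = new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A128GCM)
                .x509CertSHA256Thumbprint(x5tS256)
                .build();
        JWEObject jwe = new JWEObject(jweHeader, new Payload("secret payload"));
        jwe.encrypt(new RSAEncrypter(pub));
        String compact = jwe.serialize();

        // Consumer side: enforce the algorithm allow-list before attempting decryption.
        JWEObject received = JWEObject.parse(compact);
        requireAllowedAlgorithm(received);
        received.decrypt(new RSADecrypter(priv));
        System.out.println("Decrypted: " + received.getPayload());
    }
}
```

Checking the `alg` header against an explicit allow-list on the receiving side is what turns a deprecation in the library into an enforced policy: a token produced by an older peer with RSA1_5 or RSA-OAEP will be refused instead of silently decrypted.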
Release notes
version 4.35 (2017-04-09)
- Adds support for JWK x5t#S256 header parameter (iss #205).
- Deprecates use of RSA1_5 JWE algorithm as a security measure to encourage use of RSA-OAEP-256 (iss #215).
- Deprecates use of JWK x5t header parameter as part of a security measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
- Deprecates use of JWS and JWE x5t header parameter as part of a security measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
- Deprecates use of RSA-OAEP JWE algorithm as part of a security measure to move away from SHA-1 and encourage use of SHA-256 (iss #214).
- Upgraded JSON Smart dependency to support version range from 1.3.1 to 2.3.
- Refines exception messages of DefaultJOSEProcessor and DefaultJWTProcessor.