Change default encryption algo to AES128-GCM

docs/simplesamlphp-upgrade-notes-2.0.md

@@ -11,3 +11,5 @@ Upgrade notes for SimpleSAMLphp 2.0
 - If you used some of the modules that were shipped with SimpleSAMLphp, you now have to manually install them using Composer;
     For example, to use the ldap-module: bin/composer.phar require simplesamlphp/simplesamlphp-module-ldap --update-no-dev
 - If you're using the core:TargetedID authproc-filter, note that the `attributename` setting has been renamed to `identifyingAttribute`.
+- The default encryption algorithm is set from AES128_CBC to AES128_GCM. If you're upgrading from an existing implementation, you may want
+    to manually switch back the `sharedkey_algorithm`. Note that CBC is vulnerable to the Padding oracle attack.

modules/saml/lib/IdP/SAML2.php

@@ -1297,7 +1297,7 @@ class SAML2
             $algo = $spMetadata->getString('sharedkey_algorithm', null);
             if ($algo === null) {
                 // If no algorithm is configured, use a sane default
-                $algo = $idpMetadata->getString('sharedkey_algorithm', XMLSecurityKey::AES128_CBC);
+                $algo = $idpMetadata->getString('sharedkey_algorithm', XMLSecurityKey::AES128_GCM);
             }
 
             $key = new XMLSecurityKey($algo);

modules/saml/lib/Message.php

@@ -254,7 +254,7 @@ class Message
                 $algo = $srcMetadata->getString('sharedkey_algorithm', null);
                 if ($algo === null) {
                     // If no algorithm is supplied or configured, use a sane default as a last resort
-                    $algo = $dstMetadata->getString('sharedkey_algorithm', XMLSecurityKey::AES128_CBC);
+                    $algo = $dstMetadata->getString('sharedkey_algorithm', XMLSecurityKey::AES128_GCM);
                 }
             }