Blacklist 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' (RSA encryption with...

Blacklist 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' (RSA encryption with PKCS#1 v1.5 padding) by default.

docs/simplesamlphp-reference-idp-hosted.txt

@@ -172,6 +172,12 @@ The following SAML 2.0 options are available:
 
 :   Note that this option can be set for each SP in the [SP-remote metadata](./simplesamlphp-reference-sp-remote).
 
+:   The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
+    encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
+    array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
+    discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
+    you make use of this option.
+
 `https.certificate`
 :   The certificate used by the webserver when handling connections.
     This certificate will be added to the generated metadata of the IdP,

docs/simplesamlphp-reference-idp-remote.txt

@@ -105,6 +105,12 @@ The following SAML 2.0 options are available:
     entry in the IdP-remote metadata overrides the option in the
     [SP configuration](./saml:sp).
 
+:   The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
+    encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
+    array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
+    discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
+    you make use of this option.
+
 `nameid.encryption`
 :   Whether NameIDs sent to this IdP should be encrypted. The default
     value is `FALSE`.

docs/simplesamlphp-reference-sp-remote.txt

@@ -162,6 +162,12 @@ The following SAML 2.0 options are available:
     entry in the SP-remote metadata overrides the option in the
     [IdP-hosted metadata](./simplesamlphp-reference-idp-hosted).
 
+:   The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
+    encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
+    array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
+    discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
+    you make use of this option.
+
 `ForceAuthn`
 :   Set this `TRUE` to force the user to reauthenticate when the IdP
     receives authentication requests from this SP. The default is

modules/saml/lib/Message.php

@@ -316,7 +316,7 @@ class sspmod_saml_Message {
 
 		$blacklist = $srcMetadata->getArray('encryption.blacklisted-algorithms', NULL);
 		if ($blacklist === NULL) {
-			$blacklist = $dstMetadata->getArray('encryption.blacklisted-algorithms', array());
+			$blacklist = $dstMetadata->getArray('encryption.blacklisted-algorithms', array(XMLSecurityKey::RSA_1_5));
 		}
 		return $blacklist;
 	}