diff --git a/CHANGELOG.md b/CHANGELOG.md
index 825167d..2558dc9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- next-header -->
 ## [Unreleased] - ReleaseDate
+### Changed
+- [PR#67](https://github.com/EmbarkStudios/tame-oauth/pull/67) upgraded `ring` from 0.16 -> 0.17.
+
 ## [0.9.4] - 2023-10-04
 ### Changed
 - [PR#66](https://github.com/EmbarkStudios/tame-oauth/pull/66) replaced `base64` with `data-encoding`.
diff --git a/Cargo.toml b/Cargo.toml
index 1256c87..7b4e133 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -33,12 +33,12 @@ jwt = ["ring"]
 # This enables features in chrono and ring that are necessary to use this library
 # in a wasm32 web (browser) context. If you are using wasm outside the browser
 # you will need to target wasm32-wasi for the requisite functionality (time and random)
-wasm-web = ["ring/wasm32_c"]
+wasm-web = ["ring/wasm32_unknown_unknown_js"]
 
 [dependencies]
 data-encoding = "2.4"
 http = "0.2"
-ring = { version = "0.16", optional = true }
+ring = { version = "0.17", optional = true }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 twox-hash = { version = "1.5.0", default-features = false }
diff --git a/deny.toml b/deny.toml
index 7d398fa..c1e94f4 100644
--- a/deny.toml
+++ b/deny.toml
@@ -19,20 +19,11 @@ skip-tree = []
 unlicensed = "deny"
 # We want really high confidence when inferring licenses from text
 confidence-threshold = 0.92
-allow = ["Apache-2.0", "MIT", "BSD-3-Clause", "Unicode-DFS-2016"]
+allow = ["Apache-2.0", "MIT", "Unicode-DFS-2016"]
 exceptions = [
-    { allow = [
-        "MPL-2.0",
-    ], name = "webpki-roots" },
     { allow = [
         "ISC",
     ], name = "untrusted" },
-    { allow = [
-        "ISC",
-    ], name = "webpki" },
-    { allow = [
-        "ISC",
-    ], name = "rustls-webpki" },
     { allow = [
         "ISC",
         "MIT",
diff --git a/src/jwt.rs b/src/jwt.rs
index 1a6f938..0ea3423 100644
--- a/src/jwt.rs
+++ b/src/jwt.rs
@@ -140,7 +140,7 @@ fn sign_rsa(
     };
 
     let key_pair = std::sync::Arc::new(key_pair);
-    let mut signature = vec![0; key_pair.public_modulus_len()];
+    let mut signature = vec![0; key_pair.public().modulus_len()];
     let rng = ring::rand::SystemRandom::new();
     key_pair
         .sign(alg, &rng, signing_input.as_bytes(), &mut signature)