diff --git a/Cargo.toml b/Cargo.toml
index b79d3af..3562e85 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -44,7 +44,7 @@ http = "0.2"
 percent-encoding = "2.1"
 pin-utils = { version = "0.1.0", optional = true }
 # Keep aligned with rustls
-ring = { version = "0.16", optional = true }
+ring = { version = "0.17", optional = true }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_urlencoded = "0.7"
diff --git a/deny.toml b/deny.toml
index 35177c5..efdd93a 100644
--- a/deny.toml
+++ b/deny.toml
@@ -32,11 +32,9 @@ confidence-threshold = 0.92
 allow = [
     "Apache-2.0",
     "MIT",
-    "BSD-3-Clause",
     "ISC",
 ]
 exceptions = [
-    { allow = ["MPL-2.0"], name = "webpki-roots" },
     { allow = ["OpenSSL"], name = "ring" },
     { allow = ["Zlib"], name = "tinyvec" },
     { allow = ["Unicode-DFS-2016"], name = "unicode-ident" },
diff --git a/src/signing.rs b/src/signing.rs
index 8b73930..c6c75bb 100644
--- a/src/signing.rs
+++ b/src/signing.rs
@@ -176,7 +176,7 @@ impl Signer for RingSigner {
                     }
                 }?;
 
-                let mut signature = vec![0; key_pair.public_modulus_len()];
+                let mut signature = vec![0; key_pair.public().modulus_len()];
                 let rng = ring::rand::SystemRandom::new();
 
                 key_pair.sign(