
I have deployed an Azure function app. Using the command Connect-AzureAD in one of the functions throws the error "You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD".

Though the function App

  • has a minimum TLS version of 1.2
  • the .NET framework is 4.8.x
  • the other services like storage account etc. associated with the
    function app were using minimum TLS version of 1.2.

Function App details

Function runtime: PowerShell

runtime version: 3.8.2.0

Any help regarding this issue would be helpful

3 Answers


  1. From the Kudu console, you could check the existing SecurityProtocol:

    PS C:\home> [Net.ServicePointManager]::SecurityProtocol
    [Net.ServicePointManager]::SecurityProtocol
    Ssl3, Tls
    

    From the documentation:

    ServicePointManager, using .NET Framework 4.7 and later versions, will use the default security protocol configured in the OS. To get the default OS choice, if possible, don’t set a value for the ServicePointManager.SecurityProtocol property, which defaults to SecurityProtocolType.SystemDefault.

    Because the SecurityProtocolType.SystemDefault setting causes the ServicePointManager to use the default security protocol configured by the operating system, your application may run differently based on the OS it’s run on. For example, Windows 7 SP1 uses TLS 1.0 while Windows 8 and Windows 10 use TLS 1.2.

    According to the documentation, you could try setting the security protocol to system default by adding this command at the beginning of your script:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::SystemDefault
    

    Alternatively, if that is not working, you could force a specific version:

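    # Force TLS 1.2 for this process
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    # or force TLS 1.3 instead
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls13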
    
  2. Got this error as well, the weird part was that when running the command [Net.ServicePointManager]::SecurityProtocol it looked like I was using Tls12.

    Error:

    Error Acquiring Token: AADSTS1002016: You are using TLS version 1.0,
    1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is:
    00000000-0000-0000-0000-000000000000. Please refer to
    https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed
    actions to remediate the issue. For further questions, please contact
    your administrator

    Got it working by first setting TLS to 1.3 like this:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls13
    

    This gave me an exception when trying to connect.

    Then I used the command below to set it back to Tls12 and then everything worked:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    
  3. Upgrading the httpRuntime targetFramework attribute in the web.config from 4.5.2 to 4.8 solved it for me.

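An added example, not taken from any of the answers above: a start-of-script guard that inspects the current value as in the Kudu check, clears the deprecated protocols that check reported (Ssl3, Tls) while keeping anything newer, and makes sure TLS 1.2 is enabled before Connect-AzureAD runs. The function name Set-ModernTlsProtocol is hypothetical, and the sketch assumes the process honors [Net.ServicePointManager]::SecurityProtocol as the answers describe.

```powershell
# Added example, not code from the answers. Set-ModernTlsProtocol is a hypothetical name.
function Set-ModernTlsProtocol {
    [CmdletBinding()]
    param()

    $type    = [Net.SecurityProtocolType]
    $current = [Net.ServicePointManager]::SecurityProtocol

    # SystemDefault has the value 0 and defers to the OS configuration; leave it alone.
    if ([int]$current -eq 0) {
        return $current
    }

    # Build a mask of the protocols the AADSTS1002016 error complains about, plus SSL 3.0.
    $deprecated = 0
    foreach ($name in 'Ssl3', 'Tls', 'Tls11') {
        $deprecated = $deprecated -bor [int][Enum]::Parse($type, $name)
    }

    # Clear the deprecated flags, keep any other flag already set, and add TLS 1.2.
    $wanted = ([int]$current -band (-bnot $deprecated)) -bor [int][Net.SecurityProtocolType]::Tls12

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]$wanted
    return [Net.ServicePointManager]::SecurityProtocol
}

# Record the value before and after so the function log shows what changed.
$before = [Net.ServicePointManager]::SecurityProtocol
$after  = Set-ModernTlsProtocol
Write-Output "SecurityProtocol before: $before"
Write-Output "SecurityProtocol after:  $after"

# Call Connect-AzureAD only after this point, with the arguments the function already uses.
```

Because the setting is per process, the guard belongs at the top of the function script (or the app's profile script) rather than in a one-off console session.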