If you get a TLS 1.0 or 1.1 error, one possibility might be that you are using an older app service that needs migrating to .NET 6 (or at least .NET Framework 4.8)

by Patrick Lee on 07 Feb 2023 in categories tech with tags Azure .NET 7 .Net framework TLS

After years of this working with no problem, I got this error when making a call to ADB2C to retrieve the logged-in user's sign-in name (user.SignInNames[0].Value), which for some reason Microsoft don't expose in the claims that can be returned in the login token:

Error : AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: [Guid]. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.

There was no obvious reference to TLS in my apps and I didn't find the articles by Microsoft on how to solve the error particularly helpful (e.g. see https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor). I eventually solved it by realising that the call to ADB2C was being made by an old WebAPI service that still used .NET Framework 4.5.2. I was going to migrate this to .NET 7, but then tried just migrating it to .NET Framework 4.8 and that worked. The reason is probably that the instance that Microsoft was hosting the 4.5.2 app service on was running an older version of Windows that used TLS 1.0 or 1.1.

So if you get that TLS 1.0/1.1 error message, consider this as a possible reason.
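
The post traces the error to a service still targeting .NET Framework 4.5.2. As an added example (not part of the original post), the script below flags web.config and classic .csproj files that declare a target below 4.8, the version the post found sufficient. The function names and sample files are constructed for illustration; SDK-style projects are not covered.

```python
import re
import xml.etree.ElementTree as ET

# Threshold taken from the post: retargeting to .NET Framework 4.8 cleared the error.
MIN_FRAMEWORK = (4, 8)

# Constructed sample files (not taken from the post).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.5.2" />
    <httpRuntime targetFramework="4.5.2" />
  </system.web>
</configuration>"""

SAMPLE_CSPROJ = """<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
  </PropertyGroup>
</Project>"""

def _parse_version(text):
    """Turn '4.5.2' or 'v4.5.2' into (4, 5, 2); return None if it is not a version."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", (text or "").strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def declared_frameworks(xml_text):
    """Yield (element, version) for each framework target declared in the file."""
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the MSBuild namespace, if any
        if name in ("httpRuntime", "compilation"):
            raw = el.get("targetFramework")
        elif name == "TargetFrameworkVersion":
            raw = el.text
        else:
            continue
        version = _parse_version(raw)
        if version:
            yield name, version

def legacy_targets(xml_text, minimum=MIN_FRAMEWORK):
    """Return the declarations that target a framework older than `minimum`."""
    return [(where, ".".join(map(str, v)))
            for where, v in declared_frameworks(xml_text) if v < minimum]

if __name__ == "__main__":
    for label, text in (("web.config", SAMPLE_WEB_CONFIG), ("csproj", SAMPLE_CSPROJ)):
        print(label, legacy_targets(text) or "ok")
```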