TSL version issue in Azure function

Question

HI.

I have an azure function that connects to client tenants azure. It works for almost all tenants but a few where I get "You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD" error. Azure function is using 1.2 TLS. I tried to run the same PowerShell code from my pc and no issue from there. Any help would be appreciated

Answer 1

Hi Adrian,

We were able to solve this issue.

Our conclusion was that choosing the framework in App Service was not enough for it to actually use 4.8.

I'm not sure if both of these changes are required, or just the second one, it only started working after step 2:

1. Rebuild the solution with target framework >= 4.6.2

Previously the project was configured to build for 4.5.1. In our case most of our remaining components are compiled on 4.7.2, so used that for consistency.

2. Updated the web.config file to reflect the framework change.

    <compilation targetFramework="4.7.2"/>
    <httpRuntime targetFramework="4.7.2"/>

Let me know if works for you,

Rui

Answer 2

Ni Neha,

Thank you for your answer. there is no operating system (at least not exposed to us) when using azure functions so not sure how to check that. I checked Azure functions and 1.2 is checked.

Answer 3

Hi Neha,

We have an Azure Function using PowerShell for our Identity Management that stopped working on June 30th with the same error.

TLS 1.2 is selected for the function.

When it runs from my PC, no errors. Thank you.

2022-06-30 13:01:10.484 INFORMATION: Starting function Connect-CloudServicesInformation 2022-06-30 13:01:10.485INFORMATION: Connecting to online services ....Information

2022-06-30 13:01:10.486INFORMATION: Connecting to MSOLService...Information

2022-06-30 13:01:17.341INFORMATION: Connecting to AzureAD ...Information

2022-06-30 13:01:21.414ERROR: One or more errors occurred.: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD.

Answer 4

Thanks for this response. We are facing the similar issue (but from server-level) and made changes according to your response.

But still, we are facing it for few tenants. Do we have any TLS settings (or) anything that has to be changed from the account-level?

Answer 5

Dear Adrian3829,

Greetings! Thank you for posting in Microsoft forum.

Please ensure that TLS 1.2 is enabled as a protocol for SChannel at the operating system level. You can make changes under Protocols to disable TLS 1.0 and TLS 1.1 after you've followed the rest of the guidance in these articles and you've verified that the environment works when only TLS 1.2 enabled.

Verify the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols registry subkey setting, as shown in Transport layer security (TLS) best practices with the .NET Framework.

For additional information on TLS 1.2 migration please see Solving the TLS 1.0 Problem.

Reference: Enable TLS 1.2 support as Azure AD TLS 1.0/1.1 is deprecated - Active Directory | Microsoft Docs

If you need any help, let me know. We will look forward to your response. Stay safe and stay healthy.

With sincerest regards,

Neha Singh | Microsoft Community Moderator

***Note: In the event that you're unable to reply to this thread, please ensure that your Email address is verified in the Community Website by clicking on Your Account Name > "My Profile" > "Edit Profile" > Add your Email Address > tick "Receive email notifications" checkbox > click on "Save".***