Share via

Legacy function app now throwing TLS1.2 error

Patrick Bolduc 41 Reputation points
2025-10-20T16:01:28.4466667+00:00

I have an old Function App that recently started crashing constantly with the following error:

{
  "code": "Forbidden",
  "message": "Connection is insufficiently secured. Please use Tls12 SSL protocol or higher, Protocol detected: Tls\r\nActivityId: af9eca58-9f76-43c8-8ccb-xxxxxxxxxxx, documentdb-dotnet-sdk/2.14.0 Host/64-bit MicrosoftWindowsNT/10.0.20348.0"
}

This function uses DocumentDB to connect to a CosmosDB instance within the same Azure subscription.

This is a legacy project that we only maintain, no new development is being done on it.

What could explain this new error? Everything was working perfectly fine until recently.

I double checked some settings, and my cosmosDB is still supporting TLS 1.0
User's image

So what explained that new error? And what can I do to get it working again?
Updating the code is not an option.

Thanks

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

0 comments

Answer accepted by question author

  1. Shree Hima Bindu Maganti 7,420 Reputation points Microsoft External Staff Moderator
    2025-10-22T14:19:26.45+00:00

    Patrick Bolduc
    It appears your legacy Function App is having trouble because it doesn’t meet the newer TLS security requirements. The error suggests that TLS 1.2 or higher is now needed for connectivity.

    Microsoft is ending support for TLS 1.0 and 1.1 on Azure services, requiring TLS 1.2 by August 31, 2025. Although CosmosDB may still allow TLS 1.0, Azure changes could be restricting older protocol connections, which might explain your error.

    Since you can't update the code, it’s important that your app supports TLS 1.2. In .NET Framework, this typically means setting ServicePointManager.SecurityProtocol accordingly.

    If code changes aren’t possible,

    Try updating your DocumentDB SDK to a version that uses TLS 1.2 or higher, as older versions may not work with current security policies.

    Check your Azure Function App’s "TLS/SSL settings" to ensure everything is current, as compliance is necessary even if these settings mainly affect incoming requests.

    To help further, could you share:

    1. Which .NET Framework version your Function App uses?
    2. Whether you can review the codebase for potential TLS configuration workarounds?

    Retirement of TLS 1.0 and TLS 1.1 by August 31st 2025

    TLS 1.2 Enforcement on Cosmos DB

    Transport Layer Security (TLS) best practices with the .NET Framework

    Setting minimal TLS version for SQL database
    Let me know if you have any further assistances needed.

    Was this answer helpful?

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce (SqlWork.com) 84,061 Reputation points
    2025-10-20T16:13:36.26+00:00

    as announced 2 years ago, support for tls 1.0 was retired on 8/31/2025, so Cosmos DB no longer supports tsl 1.0.

    https://azure.microsoft.com/en-us/updates?id=update-retirement-tls1-0-tls1-1-versions-azure-services

    seems your server was finally updated. you will need to update the client code.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.