AADSTS1002016:您正在使用已弃用的 TLS 版本 1.0、1.1 和/或 3DES 密码,以改善 Azure AD 的安全状况
[英]AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD
问题描述
I had login with Azure enabled on one of my PHP apps and I followed the following document to enable this feature using cUrl https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow 
I had login with Azure enabled on one of my PHP apps and I followed the following document to enable this feature using cUrl https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-授权码流
It was working fine until a couple of days ago, after receiving authorization code when I make request for tokens ie https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token它工作正常,直到几天前,当我请求令牌时收到授权码,即https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
I get an error in return我收到一个错误作为回报
{"error":"invalid_request","error_description":"AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: {tenant_id}. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator."}
Already disable tls1 and 1.0 on app servers as well as 3DES cipher.已经在应用服务器上禁用 tls1 和 1.0 以及 3DES 密码。 Same config on load balancer too.负载均衡器上的配置也相同。
My /etc/httpd/conf.d/ssl.conf contains following我的 /etc/httpd/conf.d/ssl.conf 包含以下内容
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!DES:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
1 个解决方案
解决方案1
0 2022-08-09 00:02:48
Need to enforce curl to use tls1.2需要强制执行 curl 才能使用 tls1.2
curl --tlsv1.2 {...REST_OF_CURL}
PHP code PHP代码
$chwnd = curl_init();
curl_setopt ($chwnd, CURLOPT_SSLVERSION, 6);
curl_exec($chwnd);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.