
AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD

I had login with Azure enabled on one of my PHP apps, and I followed this document to enable the feature using cURL: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

It was working fine until a couple of days ago. Now, after receiving the authorization code, when I make the request for tokens, i.e. https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

I get an error in return

{"error":"invalid_request","error_description":"AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: {tenant_id}. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator."}

I have already disabled tls1 and 1.0 on the app servers, as well as the 3DES cipher. Same config on the load balancer too.

My /etc/httpd/conf.d/ssl.conf contains the following:

 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!DES:!3DES
 SSLHonorCipherOrder on
 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

You need to force curl to use TLS 1.2:

curl --tlsv1.2 {...REST_OF_CURL}

PHP code

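$chwnd = curl_init('https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token');
// CURL_SSLVERSION_TLSv1_2 is the named constant for the value 6
curl_setopt($chwnd, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
curl_exec($chwnd);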
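
Added example (not part of the original question or answer): the ssl.conf directives above govern connections Apache accepts, while the token request is an outbound connection made by PHP's libcurl, so this sketch audits the client-side TLS stack and builds a token-request handle that refuses anything below TLS 1.2. The function names `tls12_client_problems` and `token_request_handle` are hypothetical, and the two sample version arrays are constructed.

```php
<?php
/** List reasons the PHP cURL client stack could not negotiate TLS 1.2. */
function tls12_client_problems(array $info): array
{
    $problems = [];
    // CURL_SSLVERSION_TLSv1_2 was added to libcurl in 7.34.0.
    if (version_compare($info['version'], '7.34.0', '<')) {
        $problems[] = "libcurl {$info['version']} predates CURL_SSLVERSION_TLSv1_2 (7.34.0)";
    }
    // OpenSSL gained TLS 1.1/1.2 in 1.0.1; other backends (NSS, GnuTLS, ...)
    // are reported for manual review rather than judged here.
    if (preg_match('~^OpenSSL/(\d+\.\d+\.\d+)~', $info['ssl_version'], $m)) {
        if (version_compare($m[1], '1.0.1', '<')) {
            $problems[] = "OpenSSL {$m[1]} has no TLS 1.2 support (needs 1.0.1+)";
        }
    } else {
        $problems[] = "backend '{$info['ssl_version']}' not checked; verify TLS 1.2 support manually";
    }
    return $problems;
}

/** Build a POST handle for the token endpoint that requires TLS 1.2. */
function token_request_handle(string $tenantId, array $form)
{
    $ch = curl_init("https://login.microsoftonline.com/{$tenantId}/oauth2/v2.0/token");
    curl_setopt_array($ch, [
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2, // same as the literal 6
        CURLOPT_SSL_VERIFYPEER => true,  // keep certificate validation on
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($form),
        CURLOPT_RETURNTRANSFER => true,
    ]);
    return $ch;
}

// Audit the running PHP build plus two constructed samples (no network needed).
$stacks = [
    'this host'              => curl_version(),
    'constructed: old stack' => ['version' => '7.19.7', 'ssl_version' => 'OpenSSL/1.0.0'],
    'constructed: new stack' => ['version' => '7.61.1', 'ssl_version' => 'OpenSSL/1.1.1k'],
];
foreach ($stacks as $label => $info) {
    $problems = tls12_client_problems($info);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'TLS 1.2 capable', PHP_EOL;
}
```

If the audit reports a problem for the running host, setting `CURLOPT_SSLVERSION` alone will not help; the libcurl or TLS library packages on the app server need upgrading first.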
