[英]AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD
I had login with Azure enabled on one of my PHP apps and I followed the following document to enable this feature using cUrl https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-授權碼流
它工作正常,直到幾天前,當我請求令牌時收到授權碼,即https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
我收到一個錯誤作為回報
{"error":"invalid_request","error_description":"AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: {tenant_id}. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator."}
已經在應用服務器上禁用 tls1 和 1.0 以及 3DES 密碼。 負載均衡器上的配置也相同。
我的 /etc/httpd/conf.d/ssl.conf 包含以下內容
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!DES:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
需要強制執行 curl 才能使用 tls1.2
curl --tlsv1.2 {...REST_OF_CURL}
PHP代碼
$chwnd = curl_init();
curl_setopt ($chwnd, CURLOPT_SSLVERSION, 6);
curl_exec($chwnd);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.