tls issues

What is happening

Microsoft has an initiative to disable anything less that TLS 1.2 for security reasons. The Microsoft TLS 1.0 implementation has no known security vulnerabilities. But because of the potential for future protocol downgrade attacks and other TLS vulnerabilities, Office, for instance are discontinuing support for TLS 1.0 and 1.1 in Microsoft Office 365.

As this initiative is going through, you ask more and more questions about the fact that some services deployed to Azure require TLS 2.0, and this is caught by MSAL.NET. See for instance #657

MSAL.NET already supports TLS 2.0 (as previous versions). Some of you have proposed to set System.Net.ServicePointManager.SecurityProtocol to System.Net.SecurityProtocolType.Tls12, however this is not the right fix as when TLS 1.3 shows up, the apps would have to change.

What is the right fix?

We suggest you read Transport Layer Security (TLS) best practices with the .NET Framework. The simplest fix would be, if you can, to make sure your app moves to .NET Framework 4.7+, otherwise the best practices document details your options.

Getting started with MSAL.NET

Acquiring tokens

AcquireTokenSilent

Desktop/Mobile apps

AcquireTokenInteractive
WAM - the Windows broker
.NET Core
Maui Docs
Custom Browser
Applying an AAD B2C policy
Integrated Windows Authentication for domain or AAD joined machines
Username / Password
Device Code Flow for devices without a Web browser
ADFS support

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tls issues

What is happening

What is the right fix?

Getting started with MSAL.NET

Acquiring tokens

Desktop/Mobile apps

Web Apps / Web APIs / daemon apps

Advanced topics

News

FAQ

Other resources

Clone this wiki locally