In this article, we will see some solutions to fix the error AADSTS1002016, You are using TLS version 1.0, 1.1 and/or 3DES cipher. This error is related to the Microsoft Azure AD. However, some users also experienced this error on their Windows 11/10 computers while opening the Outlook app. Usually, this error occurs when connecting the Azure function to the Client Tenant Azure.
AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD.
AADSTS1002016, You are using TLS version 1.0, 1.1 and/or 3DES cipher
Use the following solutions to fix the AADSTS1002016, You are using TLS version 1.0, 1.1 and/or 3DES cipher error.
- Enable the TLS version 1.2 via the Control Panel
- Enable the support for TLS 1.2 in your environment for Azure AD
- Update your .NET Framework
Let’s see all these fixes in detail.
1] Enable the TLS version 1.2 via the Control Panel
Some users reported encountering this error message while opening the Outlook app on their Windows 11/10 computer. This error occurs if the TLS version 1.2 is disabled on your system. To fix this error, you should enable TLS version 1.2 on your system. The following steps will guide you on this.
- Open the Control Panel.
- Select Large icons in the View by mode.
- Click on the Internet Options.
- In the Internet Properties window, select the Advanced tab.
- Select the TLS 1.2 checkbox.
- Click Apply and then click OK.
Now, open the Outlook app. The error message should not appear this time.
2] Enable the support for TLS 1.2 in your environment for Azure AD
According to the reports, users encountered this error while connecting the Azure function to the Client Tenant Azure. The error message itself states that you are using TLS version 1.0, 1.1 and/or 3DES cipher. Microsoft has deprecated TLS 1.0 and TLS 1.1 due to the security issues in Azure AD. If your Azure AD environment is still using TLS 1.0 or 1.1, you will see this error. Hence, the solution to this error is to enable TLS 1.2.
You can enable TLS 1.2 by executing the following command in PowerShell.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Alternatively, you can follow the instructions listed on the official website of Microsoft to enable the support for TLS 1.2 in your environment for Azure AD.
3] Update your .NET Framework
If, after enabling the TLS version 1.2, you still encounter the same error, the problem may be with the .NET Framework. You are still using the older version of .NET Framework. TLS 1.2 requires .NET Framework version 4.7 or later. Therefore, if you are using the .NET Framework version earlier than 4.7, you will encounter the error after enabling TLS 1.2. To fix this issue, install the .NET Framework version 4.7 or later.
That’s it. I hope the solutions provided in the article helped you fix the problem.
How to check TLS 1.1 is enabled or not?
You can check if TLS 1.1 is enabled on not on your Windows 11/10 system via the Internet Options. Click on Windows Search and type Internet Options. Now, select the best-matched result. In the Internet Options window, go to the Advanced tab and locate TLS 1.1. If the TLS 1.1 checkbox is selected, it is enabled; otherwise, disabled.
How do I enable TLS Ciphers?
You can enable the TLS Cipher Suite Order by changing the Group Policy Settings. Open the Group Policy Management Console and navigate to the Computer Configuration > Administrative Templates > Network > SSL Configuration Settings path. Double-click on the SSL Cipher Suite Order and select Enabled. Now, right-click on the SSL Cipher Suites box and click Select All. Copy the selected text in Notepad and update it with the new cipher suite order list. After that, replace the list in SSL Cipher Suites with the updated ordered list. Click Apply and then OK.
Read next: AADSTS51004, The user account does not exist in the directory.
