Archetype - Legacy_sigalg [ERROR]

When runnin python3 ARCHETYPE/sql_svc:M3g4c0rp123@ -windows-auth

I get
[*] Encryption required, switching to TLS
[-] [(‘SSL routines’, ‘’, ‘legacy sigalg disallowed or unsupported’)]

Impacket v0.10.0
Python 3.10.6

Any idea, I’ve tried doing research it seems something to do with SSL
Ubuntu 22.04

1 Like

Had the same issue. Ubuntu 22.04 upgraded OpenSSL to version 3.0.2, which is more strict in its security policies.
I’ve tried to edit /etc/ssl/openssl.cnf, but ended up using a dedicated docker for impacket which worked well for me.

1 Like

Try running the strace to identify the right configuration file: “$USER:$PASS@$TARGET_IP” -port 1433 -windows-auth 2>&1 | grep -E “/etc|.cnf|.conf|.config”

In Fedora:
/etc/pki/tls/openssl.cnf (includes opensslcnf.config)

There is probably better way, but taking the CipherString from @SECLEVEL=2 to @SECLEVEL=1 makes the mssqlclient work again.

In case the solution provided by rebus is still erroring out, I’ve found a working solution.

If you have an older version of Impacket, purge it, then delete all of the python files within /usr/bin.

Once done, install v0.10.0 via the following link: GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.

Then create you a new openssl.cnf file in a new directory (such as folder with the box name). Within the file, add the following contents:

openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
system_default = system_default_sect
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=0

Now while using the mssqlclient command, pre-pend the following command: OPENSSL_CONF=./name of file.cnf
Also don’t forget to append -windows-auth at the end

My full version of the command is as follows: OPENSSL_CONF=./openssl.cnf ARCHETYPE/:@ -windows-auth