Error "SSL: NO_CIPHERS_AVAILABLE" when doing a "find"

[7MinSec]

Hello!

Hopefully you're not tired of me yet :-). I might have another "it's only me" issue, but I'm in a new environment where I've pulled a TGT for the account I pwned, and now I want to do a "find" with certipy. When I conduct the "find" I get this in the debug:

[-] Got error: ("('socket ssl wrapping error: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:997)',)",)
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/ldap.py", line 53, in connect
    self.connect(version=ssl.PROTOCOL_TLSv1_2)
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/ldap.py", line 85, in connect
    self.LDAP3KerberosLogin(ldap_conn)
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/ldap.py", line 167, in LDAP3KerberosLogin
    connection.open(read_server_info=True)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 56, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 145, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/entry.py", line 85, in main
    actions[options.action](options)
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/find.py", line 736, in entry
    find.find()
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/find.py", line 116, in find
    certificate_templates = self.get_certificate_templates()
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/find.py", line 691, in get_certificate_templates
    certificate_templates = self.connection.search(
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/find.py", line 109, in connection
    self._connection.connect()
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/ldap.py", line 59, in connect
    self.connect(version=ssl.PROTOCOL_TLSv1)
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/ldap.py", line 85, in connect
    self.LDAP3KerberosLogin(ldap_conn)
  File "/usr/local/lib/python3.10/dist-packages/Certipy-3.0.0-py3.10.egg/certipy/ldap.py", line 167, in LDAP3KerberosLogin
    connection.open(read_server_info=True)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 56, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 145, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: ("('socket ssl wrapping error: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:997)',)",)

I'm running python 3.10.4 on Kali.

[ly4k]

Hello @braimee You can always use -scheme ldap to use LDAP rather than LDAPS :) The error might be because LDAPS is not functioning on the DC

[7MinSec]

Ahhhh wonderful, that did it thank you so much again!