cisagov / untitledgoosetool

Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments.
Creative Commons Zero v1.0 Universal

goosey auth returning 'unsafe legacy renegotiation disabled') #38

Closed 3v01v31ng closed 1 year ago

3v01v31ng commented 1 year ago

🐛 Summary

When sending a SAML request to the IdP, I get the following error presented in Selenium. """ 502 Bad Gateway

TlsProtocolException('Cannot establish TLS with login.xx.xx:443 (sni: xxx.xx.xxx): TlsException("SSL handshake error: Error([(\'SSL routines\', \'\', \'unsafe legacy renegotiation disabled\')])")') What's wrong? Please be specific. """

Running Python 3.10.11 on Windows; tried cryptography versions: 36.0.2, 38.02, 40.0.2

Any suggestions? What version of Python are you using and on what platform?

victoriawallace-cisa commented 1 year ago

@3v01v31ng Could you create a cloud-only account in your tenant (an account that isn't sync'd with an on-premise tenant) with the required permissions and try again?