This is a minimal /etc/ssl/openssl.cnf
supporting legacy algorithms on modern openssl installations
where it is disabled by default.
The marked (######) lines should be added to your openssl.cnf (other parts may be unchanged).
For checking if legacy providers are enabled successfully:
$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.0.7
status: active
legacy
name: OpenSSL Legacy Provider
version: 3.0.7
status: active
Or checking directly if e.g. MD4 is working:
$ echo test | openssl dgst -md4
MD4(stdin)= 36d729ab4ff7260da6fb010ef5747bb3
In Python (calculating NTLM):
$ python -c 'import hashlib; print(hashlib.new("md4", "P@ssw0rd!".encode("utf-16le")).hexdigest())'
217e50203a5aba59cefa863c724bf61b
Openssl MD4 is mandatory for (Python) offensive tools using NTLM.