TL;DR
OpenSSL on a modern distro supports TLS v1.2+, while the WS server supports TLS v1.0. Outlined below is how to get WS requests to work nonetheless, by enabling TLS v1.0 only for WS scripts.
Problem
I use the WS in MetaStats and some offline scripts. After (finally, belatedly) upgrading to a modern distro -- Ubuntu Mate LTS in my case -- these scripts failed. A manual check revealed:
Code:
$ wget --tries=1 --server-response --spider https://ws.trackmania.com/
Spider mode enabled. Check if remote file exists.
--2021-09-27 10:11:23-- https://ws.trackmania.com/
Resolving ws.trackmania.com (ws.trackmania.com)... 178.33.106.156
Connecting to ws.trackmania.com (ws.trackmania.com)|178.33.106.156|:443... connected.
OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Unable to establish SSL connection.
Searching for the error led to various postings (like this) that indicated that OpenSSL in the distro supports only TLS v1.2+, while the WS server supports only TLS v1.0 (and SSL v3, but never mind that). See:
Code:
$ nmap --script ssl-enum-ciphers -p 443 ws.trackmania.com
Starting Nmap 7.80 ( https://nmap.org ) at 2021-09-27 10:46 CEST
Nmap scan report for ws.trackmania.com (178.33.106.156)
Host is up (0.015s latency).
rDNS record for 178.33.106.156: 178-33-106-156.ovh.net
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
[...]
| TLSv1.0:
| ciphers:
[...]
Nmap done: 1 IP address (1 host up) scanned in 1.36 seconds
Ideally the WS server is upgraded to modern Apache/OpenSSL versions, as it currently runs an Ubuntu distro with PHP 5.3 (X-Powered-By: PHP/5.3.2-1ubuntu4.30) that is about a decade old.

So TLS v1.0 needs to be enabled locally, but I would prefer this to happen only for WS scripts rather than system-wide by default. A better approach is a separate config file that is invoked only for WS scripts via environment variable OPENSSL_CONF.
However, PHP's interaction with environment variables is not entirely trivial. It turns out that using putenv() or $_ENV[] in the script to define OPENSSL_CONF happens too late; it needs to exist prior to invoking the script. For a standalone script this can be done with a bash wrapper, e.g.:
Code:
#!/bin/bash
# OPENSSL_CONF is set for this one PHP process only, not for the calling shell
OPENSSL_CONF=/usr/local/etc/openssl_tls1.conf php /usr/local/bin/playertype.php "$1"
Code:
# Allow TLSv1.0 on ws.trackmania.com in TrackMania\WebServices\
export OPENSSL_CONF=/usr/local/etc/openssl_tls1.conf
Too bad it's still dead for MP after Nadeo's ws.maniaplanet.com server was shut down...
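
The post refers to /usr/local/etc/openssl_tls1.conf without showing its contents. The following is an added example, not code from the original post: a sketch of such a file plus a launcher that scopes it to a single child process. The config values (MinProtocol = TLSv1, CipherString = DEFAULT@SECLEVEL=1) and the function names write_tls1_conf and with_legacy_tls are assumptions.

```shell
#!/bin/sh
# Added example. The config contents are an assumption: the post does not
# show its openssl_tls1.conf. Function names are hypothetical.

# Write a minimal OpenSSL config that lowers the protocol floor to TLS 1.0.
write_tls1_conf() {
    conf_path=$1
    cat > "$conf_path" <<'EOF'
# Read only when OPENSSL_CONF points here; the system-wide default
# (TLS v1.2+) stays untouched for every other program.
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# Legacy floor for the one old server; SECLEVEL=1 permits its older ciphers.
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=1
EOF
}

# Run one command with the legacy config. env(1) sets the variable for the
# child process only, so it is never exported into the calling shell.
# Refuses to run if the config is missing, rather than silently falling
# back to whatever default the command would otherwise pick up.
with_legacy_tls() {
    conf_path=$1
    shift
    if [ ! -r "$conf_path" ]; then
        echo "missing config: $conf_path" >&2
        return 1
    fi
    env OPENSSL_CONF="$conf_path" "$@"
}
```

With the file in place, the wrapper from the post becomes `with_legacy_tls /usr/local/etc/openssl_tls1.conf php /usr/local/bin/playertype.php "$1"`.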