[XASECO] PSA: FreeZone plugin REQUIRES TLS1.0

Discuss everything about Xymph's Aseco flavoured server control scripts for TM Forever / classic TMN and for TM² Canyon.

Moderators: Xymph, TM-Patrol

Post Reply
Chris92
cyclist
cyclist
Posts: 39
Joined: 28 Feb 2009 23:05
Owned TM-games: TMUF, TM2, TM2020
Location: Germany->Bavaria->Passau

[XASECO] PSA: FreeZone plugin REQUIRES TLS1.0

Post by Chris92 »

Hey everyone,
in case you're planning on setting up a new FreeZone server or migrating to a new server host, make sure that your operating system of choice allows cURL to still make connections via TLS1.0.

This is by default no longer the case on at least Debian Buster (Debian 9) and Ubuntu 22.04.

If you aren't sure whether your current setup is affected, there's an easy way to check with in your freezone.log file(s).
Here's a small redacted example of the freezone.log file from an XAseco install affected by this change mentioned above:

Code: Select all

[Mon, 20 Jun 2022 14:59:15 +0200] 0 ('PUT', '/freezone/rules/LOGIN/index.json', '5')
[Mon, 20 Jun 2022 15:01:21 +0200] 0 ('GET', '/freezone/ban/status/LOGIN/index.json', '')
[Mon, 20 Jun 2022 15:01:43 +0200] 0 ('PUT', '/freezone/rules/LOGIN/index.json', '6')
[Mon, 20 Jun 2022 15:22:08 +0200] 0 ('PUT', '/freezone/rules/LOGIN/index.json', '5')
[Mon, 20 Jun 2022 15:22:13 +0200] 0 ('GET', '/freezone/ban/status/LOGIN/index.json', '')
[Mon, 20 Jun 2022 15:22:13 +0200] 0 ('PUT', '/freezone/rules/LOGIN/index.json', '6')
[Mon, 20 Jun 2022 15:30:35 +0200] 0 ('GET', '/freezone/ban/status/LOGIN/index.json', '')
Note the 0 indicating the HTTP Status Code for each request between the Date Time in [] and the () indicating the HTTP Request Method used and which endpoint was contacted.
The 0 usually should be a 200 if everything is working correctly and rarely any other status code.
If you find that 0 happening a lot in your FreeZone file, you need to find out how to enable TLS 1.0 in your OpenSSL config (on Linux) or follow other guides to re-enable it on Windows.

Until Nadeo changes their https://ws.trackmania.com endpoint to support modern ciphers like TLS1.2 and TLS1.3, this is currently the only known workaround to make FreeZone still work properly.

Regarding the freezone:servers manialink
The message above also applies if you have trouble connecting to the freezone:servers manialink. Even if you enable TLS1.0 in your Internet Options panel under Windows 10/11, you'll most likely be greeted with a HTTP Error 12 057, indicating that the used certificates have either expired or been revoked.
To get around this, you need to disable the two options mentioning "certificate revocation" shown at the top of this image TEMPORARILY while you need to access the manialink. Please re-enable those options after you've visited the manialink due to these options being safety features and can potentially be abused if left disabled permanently.
Xymph
Pit Crew
Pit Crew
Posts: 5755
Joined: 19 Aug 2007 12:58
Owned TM-games: TMN, TMU, TMF, TM²
Contact:

Re: [XASECO] PSA: FreeZone plugin REQUIRES TLS1.0

Post by Xymph »

Indeed, I discussed the same problem on the MP forum last year, with details to resolve the issue on Linux.
Developer of XASECO for TMF/TMN ESWC & XASECO2 for TM²: see XAseco.org
Find your way around the Mania community from the TMN ESWC hub, TMF hub, TM² hub, and SM hub
Post Reply