Old 07-16-2015, 09:30 PM   #3571
knc1
Helpdesk Junkie
Posts: 7,791
Karma: 6975338
Join Date: Feb 2012
Device: Too many.
Just for reference, one of the ways to get the human (?) readable certificate from a server (the twitter.com link above):
Code:
core2quad ~ $ echo | openssl s_client -tls1 -connect twitter.com:443 2>/dev/null | openssl x509  -inform pem  -noout -text
vary the '-tls1' with the other protocol options as required.

Result:
Spoiler:

Code:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:c8:5e:b7:ae:c3:51:3c:d8:0d:85:38:5e:cf:d2:08
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
        Validity
            Not Before: Sep 10 00:00:00 2014 GMT
            Not After : May  9 23:59:59 2016 GMT
        Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/businessCategory=Private Organization/serialNumber=4337446, C=US/postalCode=94103-1307, ST=California, L=San Francisco/street=1355 Market St, O=Twitter, Inc., OU=Twitter Security, CN=twitter.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e3:ac:59:34:07:dc:11:f8:1c:ca:b3:0f:93:44:
                    8a:54:34:76:90:6a:c0:22:00:be:95:9a:da:58:3c:
                    6c:38:31:a2:a2:1f:3b:64:e2:9d:e0:f5:c2:ab:07:
                    90:5b:7c:fe:f9:88:8c:6a:9d:69:3b:e0:23:65:b7:
                    11:d6:e8:88:d6:3e:6d:8b:ed:ca:ea:58:0b:fe:4d:
                    bf:2a:95:ca:bb:21:bb:ce:d6:e2:10:02:11:21:68:
                    26:f7:92:7e:9c:a3:80:b1:82:d7:e5:a6:a0:86:47:
                    42:1a:c6:5b:04:d9:c3:b5:b2:9b:38:d4:a1:6d:3b:
                    bd:d8:05:f0:51:9b:bd:95:77:7f:e9:02:8e:60:a3:
                    7a:65:20:52:23:db:8d:01:27:24:c2:00:66:0d:14:
                    66:b3:52:2b:cc:6b:5b:a5:44:2f:e2:40:6d:da:21:
                    a1:92:5a:57:12:d3:47:01:ef:e9:df:af:c6:91:8c:
                    21:af:77:65:13:36:1c:63:7a:2d:05:e6:63:c5:0b:
                    d8:39:e9:ac:f2:3b:ff:9d:c5:a7:46:0a:6e:1a:66:
                    10:1e:4a:e7:ba:c7:89:79:1f:ae:f1:f3:84:03:ca:
                    e7:50:8a:19:63:bf:3c:20:10:78:c5:f4:53:3c:7d:
                    5e:0d:af:96:70:89:92:b9:7f:9a:19:0c:f6:78:6a:
                    8f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:twitter.com, DNS:www.twitter.com
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.23.6
                  CPS: https://d.symcb.com/cps
                  User Notice:
                    Explicit Text: https://d.symcb.com/rpa

            X509v3 Authority Key Identifier: 
                keyid:01:59:AB:E7:DD:3A:0B:59:A6:64:63:D6:CF:20:07:57:D5:91:E7:6A

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://sr.symcb.com/sr.crl

            Authority Information Access: 
                OCSP - URI:http://sr.symcd.com
                CA Issuers - URI:http://sr.symcb.com/sr.crt

    Signature Algorithm: sha256WithRSAEncryption
        d1:53:68:e9:d6:20:d0:56:7a:10:80:b8:e9:7e:00:c9:9e:d5:
        35:4a:a2:d2:a0:16:8a:e2:fb:eb:96:88:77:c2:6e:35:f4:a7:
        a9:aa:dc:35:7b:c6:7d:5e:3c:f6:c9:5b:a0:d1:58:ae:7d:96:
        e7:54:02:5c:69:1b:56:92:26:ad:06:2c:c1:5a:ff:59:f3:8a:
        8c:94:32:0d:1a:42:d1:6e:bc:1c:bd:a8:c6:08:01:1b:73:17:
        93:28:30:ae:ce:4d:4e:2d:4b:bf:22:af:9a:61:32:7a:a8:68:
        25:19:3c:6d:fb:67:cc:29:3f:5b:f5:d1:af:4c:bf:67:a3:60:
        c4:dd:b0:fb:83:55:6d:b5:2c:a9:7d:34:ad:b0:08:c7:2c:f0:
        cb:4c:d8:2b:79:f4:e9:da:7f:6e:c0:de:55:7c:d6:d6:47:cf:
        c4:90:ef:4f:be:eb:c9:3d:05:71:6b:5e:c7:36:8d:4f:0c:3c:
        47:83:a5:11:88:22:f8:46:e0:f8:9b:1a:fe:e9:a2:df:90:81:
        10:71:f3:97:9c:b7:69:60:77:20:d6:87:85:ee:5a:77:d2:92:
        ec:d9:5d:1f:31:3b:3a:e2:5b:35:d1:92:36:db:44:d4:79:d9:
        6c:03:24:87:5d:c3:86:c6:10:e2:ea:65:7c:cf:b8:ef:c2:31:
        02:55:72:12


1) it is fairly recently issued (Sept. 2014, "Poodle" was announced in October)
2) it is valid for TLS only.

Tomorrow, see if the other non-working links share anything in common.

Last edited by knc1; 07-17-2015 at 08:05 AM.
Old 07-17-2015, 07:55 AM   #3572
knc1
Helpdesk Junkie
Updated speculation and added spoiler'd "human" readable cert to post:
http://www.mobileread.com/forums/sho...postcount=3568

The originally posted problem (wikipedia) uses ec-prime256v1 public key, which may not be supported by name in the (old) DX web-kit browser.

It is also marked "TLS only".

Also note that the two translated samples date from **BEFORE** "Poodle" was announced (the attack against TLS/SSLv3 that caused sites to stop supporting fallback or other use of SSLv3).
See: http://googleonlinesecurity.blogspot...ng-ssl-30.html

- - - -

Well, we (I) certainly have dragged this thread Off-Topic, but ....

The two samples show that the sites will not even admit to supporting secure connections if TLS with fallback to SSLv3 support is sent by the client.
It must be TLS **ONLY**.

That probably would require a patch to web-kit in the 2.5.8 build.

Wikipedia might be another case, would have to check if the web-kit build in 2.5.8 was new enough to support elliptical curve cryptography (it might not be new enough).

- - - - -

Since we don't have the Experimental Browser code (that is Amazon proprietary), only the source to the web-kit library it is built on (we need both to patch 2.5.8) . . . .

I think the answer here is similar to Amazon's "won't fix" :
"Can't fix"
Sorry about that, but at least we gave some solid speculation as to why.

Last edited by knc1; 07-18-2015 at 11:43 AM.
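An added example, not part of either post above: it reduces `openssl x509 -noout -text` output to the fields posts #3571 and #3572 compare between sites (issue date, public key algorithm, RSA size or EC curve, issuer). The function names `cert_summary` and `probe` are assumptions, sample 1 is excerpted from the dump in post #3571, and sample 2 is a constructed EC excerpt.

```shell
#!/bin/sh
# Reduce `openssl x509 -noout -text` output (stdin) to one comparable line:
#   not_before|key_algorithm|rsa_bits_or_ec_curve|issuer_cn
cert_summary() {
    awk '
        /Issuer:/ && issuer == "" { issuer = $0; sub(/.*CN *= */, "", issuer) }
        /Not Before:/             { nb = $0; sub(/.*Not Before: */, "", nb) }
        /Public Key Algorithm:/   { alg = $NF }
        /Public-Key:/             { bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits) }
        /ASN1 OID:/               { curve = $NF }   # only printed for EC keys
        END {
            if (alg == "") { print "no-certificate"; exit }
            printf "%s|%s|%s|%s\n", nb, alg, (curve != "" ? curve : bits), issuer
        }'
}

# Live probe (needs network, not exercised by the samples below): repeat the
# command from post #3571 once per protocol option and summarise each result.
probe() {
    for proto in -tls1 -tls1_1 -tls1_2; do
        printf '%s %s ' "$1" "$proto"
        echo | openssl s_client "$proto" -connect "$1:443" 2>/dev/null |
            openssl x509 -inform pem -noout -text 2>/dev/null | cert_summary
    done
}

# Sample 1: lines excerpted from the twitter.com dump in post #3571.
sample_rsa() {
    cat <<'EOF'
        Issuer: C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 EV SSL CA - G3
            Not Before: Sep 10 00:00:00 2014 GMT
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
EOF
}

# Sample 2: CONSTRUCTED excerpt of an EC certificate (values are made up).
sample_ec() {
    cat <<'EOF'
        Issuer: C=XX, O=Example Org, CN=Example EC CA
            Not Before: Mar 10 00:00:00 2015 GMT
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1
EOF
}

sample_rsa | cert_summary
sample_ec | cert_summary
```

Running `probe` against each working and non-working site gives one line per protocol option, so differences in key type or issue date line up side by side.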
Old 07-20-2015, 02:05 PM   #3573
Jedidiyah
Enthusiast
Posts: 34
Karma: 27450
Join Date: Aug 2013
Device: Kindle DX graphite
Quote:
Originally Posted by knc1
Since we don't have the Experimental Browser code (that is Amazon proprietary), only the source to the web-kit library it is built on (we need both to patch 2.5.8) . . . .

I think the answer here is similar to Amazon's "won't fix" :
"Can't fix". Sorry about that, but at least we gave some solid speculation as to why.

THANK YOU! Sorry to make you spend so much time on it. I didn't know about TLS, web-kit and security certificates. I'd buy a new kindle, but they do not sell e-ink ones with big screens anymore (I have bad eyes).

In the past kindle would sometimes ask "Security Certificate for this website is outdated, do you want to continue?", but even when I pressed "yes" it'd still say "Basic web is unable to establish secure connection". Now it mostly just displays the latter message right away.

The most quirky thing is that Wikipedia is still accessible from Yahoo search results, but not Google or urls, do you think that will last? If I do Yifan Lu's software upgrade to 3.1 would that make a difference?

Last edited by Jedidiyah; 07-20-2015 at 02:10 PM.
Old 07-20-2015, 02:39 PM   #3574
knc1
Helpdesk Junkie
The update to series 3.x firmware would still require the 3.4.1 updates and the 3.4.2 fixes.

If someone could/would update Yifan Lu's Frankenstein firmware from 3.1 to 3.4.2 for the DX/DXG - - then you should have what you want.

- - - - -

I recently looked after a friend for six months who was blind in one eye and couldn't see out of the other.

In addition to using a DXG for reading, I took a 7 inch tablet with HDMI output that supported Bluetooth keyboard and mouse - - hooked into 46 inch HD TV as a monitor.

He could read that from across the room.

- - - - -

He has since had surgery to both eyes, can see again, and "left home" on his own.

All times are GMT -4.


MobileRead.com is a privately owned, operated and funded community.