Updated speculation and added spoiler'd "human" readable cert to post:
https://www.mobileread.com/forums/sho...postcount=3568
The originally posted problem (wikipedia) uses ec-prime256v1 public key, which may not be supported by name in the (old) DX web-kit browser.
It is also maked "TLS only".
Also note that the two translated samples date from
**BEFORE** "Poodle" was announced (the attack against TLS/SSLv3 that caused sites to stop supporting fallback or other use of SSLv3).
See:
http://googleonlinesecurity.blogspot...ng-ssl-30.html
- - - -
Well, we (I) certainly have dragged this thread Off-Topic, but ....
The two samples show that the sites will not even admit to supporting secure connections if TLS with fallback to SSLv3 support is sent by the client.
It must be TLS **ONLY**.
That probably would require a patch to web-kit in the 2.5.8 build.
Wikipedia might be another case, would have to check if the web-kit build in 2.5.8 was new enough to support elliptical curve cryptography (it might not be new enough).
- - - - -
Since we don't have the Experimental Browser code (that is Amazon proprietary), only the source to the web-kit library it is built on (we need both to patch 2.5.8) . . . .
I think the answer here is similar to Amazon's "won't fix" :
"Can't fix"
Sorry about that, but at least we gave some solid speculation as to why.