Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 05-22-2017, 09:19 AM   #46
knc1
Ex-Helpdesk Addict
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 13,555
Karma: 14443163
Join Date: Feb 2012
Location: Central Texas
Device: No PW2, KV, KOA
Quote:
Originally Posted by mergen3107 View Post
So we need to do something like this but on Kindle itself and with Amazon-specific parts too, right?
*) Similar.
That only adds the root certificates for cacert.org, certificate authority.
You want to replace current with the entire set of current ca root certificates.

*) Need not be done on the Kindle, only the end result needs to be on the Kindle.

*) Do not expect the Kindle to have the Debian/Ubunta certificate installer command available.

*) There is no "Amazon specific" parts.
Amazon is not a root ca, so they purchase the use of an existing certificate authority's root. Just like normal people have to.

= = = = =

Your first step is to do as I advised you to do, download the current Debian package:
https://packages.debian.org/jessie/ca-certificates
(So scroll to the bottom of that page for the link. Click the list of files on the right to see what you will be getting in the package.)
or
https://packages.debian.org/jessie/a...cates/download
(Ignore the advice in the big red box, Kindles are not that similar to Debian/Jessie.)

Download to a directory, your choice of name, for this specific purpose.

Now, in that same directory which now has ONLY the ca-certificates package, make a new directory, your choice of name, to hold the contents.

Open the Debian package with your archive handling tool, and extract the contents to the directory which you just made for the purpose.

On my machine, I just used the path:
ca-cert/20170517-deb/
for the two directories - they don't have to be that name, but that name path will remind you of what to expect when you reach the end.
The lowest level path directory name includes the most recent update date of the package.

Now you archiver will have created the paths included in the archive. In:
ca-cert/20170517-deb/usr/bin
You will find a script file that installs the package on a Debian system.
Use that as a guide to what needs to be translated to a set of Kindle directions, DO NOT use something you stumbled upon on the 'net as your guide.

in ca-cert/20170517-deb/etc/ssl/certs - that is where the symbolic links are at in a Debian system, I expect that in a Amazon system that has not been change.
But it might have, so check it (I don't have a current K4 running so that I can give you specific directions).

in ca-cert/20170517-deb/usr/share/ca-certificates
you will find two directories -
Those have the new content you want to use to replace the existing, out-dated, content on your Kindle.

They probably will not need any processing other than moving.
But first find the location on the Kindle that holds things of similar filename, just to be sure.

Do whatever you find necessary to make what you have, fit into the directory tree structure that the Kindle uses.

For instance: in ca-cert/20170517-deb/usr/share/ca-certificates/mozilla
directory (at end of file tree) has 173 current certificate authority root certificates.
You don't want to rename those files, but you do have to put them on the Kindle's file system (where the old ones now are at) and put symbolic links to them (wherever the Kindle's file system has the links to the old ones currently installed).
Code:
 Downloads $ tree ca-cert
ca-cert
├── 20170517-deb
│   ├── DEBIAN
│   │   ├── config
│   │   ├── control
│   │   ├── md5sums
│   │   ├── postinst
│   │   ├── postrm
│   │   ├── templates
│   │   └── triggers
│   ├── etc
│   │   ├── ca-certificates
│   │   │   └── update.d
│   │   └── ssl
│   │       └── certs
│   └── usr
│       ├── sbin
│       │   └── update-ca-certificates
│       └── share
│           ├── ca-certificates
│           │   ├── mozilla
│           │   │   ├── ACCVRAIZ1.crt
│           │   │   ├── ACEDICOM_Root.crt
│           │   │   ├── AC_Raíz_Certicámara_S.A..crt
│           │   │   ├── Actalis_Authentication_Root_CA.crt
│           │   │   ├── AddTrust_External_Root.crt
│           │   │   ├── AddTrust_Low-Value_Services_Root.crt
│           │   │   ├── AddTrust_Public_Services_Root.crt
│           │   │   ├── AddTrust_Qualified_Certificates_Root.crt
│           │   │   ├── AffirmTrust_Commercial.crt
│           │   │   ├── AffirmTrust_Networking.crt
│           │   │   ├── AffirmTrust_Premium.crt
│           │   │   ├── AffirmTrust_Premium_ECC.crt
│           │   │   ├── ApplicationCA_-_Japanese_Government.crt
│           │   │   ├── Atos_TrustedRoot_2011.crt
│           │   │   ├── Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
│           │   │   ├── Baltimore_CyberTrust_Root.crt
│           │   │   ├── Buypass_Class_2_CA_1.crt
│           │   │   ├── Buypass_Class_2_Root_CA.crt
│           │   │   ├── Buypass_Class_3_Root_CA.crt
│           │   │   ├── CA_Disig_Root_R1.crt
│           │   │   ├── CA_Disig_Root_R2.crt
│           │   │   ├── Camerfirma_Chambers_of_Commerce_Root.crt
│           │   │   ├── Camerfirma_Global_Chambersign_Root.crt
│           │   │   ├── CA_WoSign_ECC_Root.crt
│           │   │   ├── Certification_Authority_of_WoSign_G2.crt
│           │   │   ├── Certigna.crt
│           │   │   ├── Certinomis_-_Autorité_Racine.crt
│           │   │   ├── Certinomis_-_Root_CA.crt
│           │   │   ├── Certplus_Class_2_Primary_CA.crt
│           │   │   ├── Certplus_Root_CA_G1.crt
│           │   │   ├── Certplus_Root_CA_G2.crt
│           │   │   ├── certSIGN_ROOT_CA.crt
│           │   │   ├── Certum_Root_CA.crt
│           │   │   ├── Certum_Trusted_Network_CA_2.crt
│           │   │   ├── Certum_Trusted_Network_CA.crt
│           │   │   ├── CFCA_EV_ROOT.crt
│           │   │   ├── Chambers_of_Commerce_Root_-_2008.crt
│           │   │   ├── China_Internet_Network_Information_Center_EV_Certificates_Root.crt
│           │   │   ├── CNNIC_ROOT.crt
│           │   │   ├── Comodo_AAA_Services_root.crt
│           │   │   ├── COMODO_Certification_Authority.crt
│           │   │   ├── COMODO_ECC_Certification_Authority.crt
│           │   │   ├── COMODO_RSA_Certification_Authority.crt
│           │   │   ├── Comodo_Secure_Services_root.crt
│           │   │   ├── Comodo_Trusted_Services_root.crt
│           │   │   ├── ComSign_CA.crt
│           │   │   ├── Cybertrust_Global_Root.crt
│           │   │   ├── Deutsche_Telekom_Root_CA_2.crt
│           │   │   ├── DigiCert_Assured_ID_Root_CA.crt
│           │   │   ├── DigiCert_Assured_ID_Root_G2.crt
│           │   │   ├── DigiCert_Assured_ID_Root_G3.crt
│           │   │   ├── DigiCert_Global_Root_CA.crt
│           │   │   ├── DigiCert_Global_Root_G2.crt
│           │   │   ├── DigiCert_Global_Root_G3.crt
│           │   │   ├── DigiCert_High_Assurance_EV_Root_CA.crt
│           │   │   ├── DigiCert_Trusted_Root_G4.crt
│           │   │   ├── DST_ACES_CA_X6.crt
│           │   │   ├── DST_Root_CA_X3.crt
│           │   │   ├── D-TRUST_Root_Class_3_CA_2_2009.crt
│           │   │   ├── D-TRUST_Root_Class_3_CA_2_EV_2009.crt
│           │   │   ├── EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
│           │   │   ├── EC-ACC.crt
│           │   │   ├── EE_Certification_Centre_Root_CA.crt
│           │   │   ├── Entrust.net_Premium_2048_Secure_Server_CA.crt
│           │   │   ├── Entrust_Root_Certification_Authority.crt
│           │   │   ├── Entrust_Root_Certification_Authority_-_EC1.crt
│           │   │   ├── Entrust_Root_Certification_Authority_-_G2.crt
│           │   │   ├── ePKI_Root_Certification_Authority.crt
│           │   │   ├── Equifax_Secure_CA.crt
│           │   │   ├── Equifax_Secure_eBusiness_CA_1.crt
│           │   │   ├── Equifax_Secure_Global_eBusiness_CA.crt
│           │   │   ├── E-Tugra_Certification_Authority.crt
│           │   │   ├── GeoTrust_Global_CA_2.crt
│           │   │   ├── GeoTrust_Global_CA.crt
│           │   │   ├── GeoTrust_Primary_Certification_Authority.crt
│           │   │   ├── GeoTrust_Primary_Certification_Authority_-_G2.crt
│           │   │   ├── GeoTrust_Primary_Certification_Authority_-_G3.crt
│           │   │   ├── GeoTrust_Universal_CA_2.crt
│           │   │   ├── GeoTrust_Universal_CA.crt
│           │   │   ├── Global_Chambersign_Root_-_2008.crt
│           │   │   ├── GlobalSign_ECC_Root_CA_-_R4.crt
│           │   │   ├── GlobalSign_ECC_Root_CA_-_R5.crt
│           │   │   ├── GlobalSign_Root_CA.crt
│           │   │   ├── GlobalSign_Root_CA_-_R2.crt
│           │   │   ├── GlobalSign_Root_CA_-_R3.crt
│           │   │   ├── Go_Daddy_Class_2_CA.crt
│           │   │   ├── Go_Daddy_Root_Certificate_Authority_-_G2.crt
│           │   │   ├── Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
│           │   │   ├── Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
│           │   │   ├── Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
│           │   │   ├── Hongkong_Post_Root_CA_1.crt
│           │   │   ├── IdenTrust_Commercial_Root_CA_1.crt
│           │   │   ├── IdenTrust_Public_Sector_Root_CA_1.crt
│           │   │   ├── IGC_A.crt
│           │   │   ├── ISRG_Root_X1.crt
│           │   │   ├── Izenpe.com.crt
│           │   │   ├── Juur-SK.crt
│           │   │   ├── Microsec_e-Szigno_Root_CA_2009.crt
│           │   │   ├── Microsec_e-Szigno_Root_CA.crt
│           │   │   ├── NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
│           │   │   ├── Network_Solutions_Certificate_Authority.crt
│           │   │   ├── OISTE_WISeKey_Global_Root_GA_CA.crt
│           │   │   ├── OISTE_WISeKey_Global_Root_GB_CA.crt
│           │   │   ├── OpenTrust_Root_CA_G1.crt
│           │   │   ├── OpenTrust_Root_CA_G2.crt
│           │   │   ├── OpenTrust_Root_CA_G3.crt
│           │   │   ├── PSCProcert.crt
│           │   │   ├── QuoVadis_Root_CA_1_G3.crt
│           │   │   ├── QuoVadis_Root_CA_2.crt
│           │   │   ├── QuoVadis_Root_CA_2_G3.crt
│           │   │   ├── QuoVadis_Root_CA_3.crt
│           │   │   ├── QuoVadis_Root_CA_3_G3.crt
│           │   │   ├── QuoVadis_Root_CA.crt
│           │   │   ├── Root_CA_Generalitat_Valenciana.crt
│           │   │   ├── RSA_Security_2048_v3.crt
│           │   │   ├── Secure_Global_CA.crt
│           │   │   ├── SecureSign_RootCA11.crt
│           │   │   ├── SecureTrust_CA.crt
│           │   │   ├── Security_Communication_EV_RootCA1.crt
│           │   │   ├── Security_Communication_RootCA2.crt
│           │   │   ├── Security_Communication_Root_CA.crt
│           │   │   ├── Sonera_Class_2_Root_CA.crt
│           │   │   ├── Staat_der_Nederlanden_EV_Root_CA.crt
│           │   │   ├── Staat_der_Nederlanden_Root_CA_-_G2.crt
│           │   │   ├── Staat_der_Nederlanden_Root_CA_-_G3.crt
│           │   │   ├── Starfield_Class_2_CA.crt
│           │   │   ├── Starfield_Root_Certificate_Authority_-_G2.crt
│           │   │   ├── Starfield_Services_Root_Certificate_Authority_-_G2.crt
│           │   │   ├── StartCom_Certification_Authority_2.crt
│           │   │   ├── StartCom_Certification_Authority.crt
│           │   │   ├── StartCom_Certification_Authority_G2.crt
│           │   │   ├── S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
│           │   │   ├── S-TRUST_Universal_Root_CA.crt
│           │   │   ├── Swisscom_Root_CA_1.crt
│           │   │   ├── Swisscom_Root_CA_2.crt
│           │   │   ├── Swisscom_Root_EV_CA_2.crt
│           │   │   ├── SwissSign_Gold_CA_-_G2.crt
│           │   │   ├── SwissSign_Platinum_CA_-_G2.crt
│           │   │   ├── SwissSign_Silver_CA_-_G2.crt
│           │   │   ├── SZAFIR_ROOT_CA2.crt
│           │   │   ├── Taiwan_GRCA.crt
│           │   │   ├── TC_TrustCenter_Class_3_CA_II.crt
│           │   │   ├── TeliaSonera_Root_CA_v1.crt
│           │   │   ├── thawte_Primary_Root_CA.crt
│           │   │   ├── thawte_Primary_Root_CA_-_G2.crt
│           │   │   ├── thawte_Primary_Root_CA_-_G3.crt
│           │   │   ├── Trustis_FPS_Root_CA.crt
│           │   │   ├── T-TeleSec_GlobalRoot_Class_2.crt
│           │   │   ├── T-TeleSec_GlobalRoot_Class_3.crt
│           │   │   ├── TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
│           │   │   ├── TURKTRUST_Certificate_Services_Provider_Root_2007.crt
│           │   │   ├── TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.crt
│           │   │   ├── TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.crt
│           │   │   ├── TWCA_Global_Root_CA.crt
│           │   │   ├── TWCA_Root_Certification_Authority.crt
│           │   │   ├── USERTrust_ECC_Certification_Authority.crt
│           │   │   ├── USERTrust_RSA_Certification_Authority.crt
│           │   │   ├── UTN_USERFirst_Email_Root_CA.crt
│           │   │   ├── UTN_USERFirst_Hardware_Root_CA.crt
│           │   │   ├── Verisign_Class_1_Public_Primary_Certification_Authority.crt
│           │   │   ├── Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
│           │   │   ├── Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt
│           │   │   ├── Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
│           │   │   ├── Verisign_Class_3_Public_Primary_Certification_Authority.crt
│           │   │   ├── Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
│           │   │   ├── VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
│           │   │   ├── VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
│           │   │   ├── VeriSign_Universal_Root_Certification_Authority.crt
│           │   │   ├── Visa_eCommerce_Root.crt
│           │   │   ├── WellsSecure_Public_Root_Certificate_Authority.crt
│           │   │   ├── WoSign_China.crt
│           │   │   ├── WoSign.crt
│           │   │   └── XRamp_Global_CA_Root.crt
│           │   └── spi-inc.org
│           │       └── spi-cacert-2008.crt
│           ├── doc
│           │   └── ca-certificates
│           │       ├── changelog.gz
│           │       ├── copyright
│           │       ├── examples
│           │       │   └── ca-certificates-local
│           │       │       ├── debian
│           │       │       │   ├── ca-certificates-local.triggers
│           │       │       │   ├── changelog
│           │       │       │   ├── compat
│           │       │       │   ├── control
│           │       │       │   ├── copyright
│           │       │       │   ├── postrm
│           │       │       │   ├── rules
│           │       │       │   └── source
│           │       │       │       └── format
│           │       │       ├── local
│           │       │       │   ├── Local_Root_CA.crt
│           │       │       │   └── Makefile
│           │       │       ├── Makefile
│           │       │       └── README
│           │       ├── NEWS.Debian.gz
│           │       └── README.Debian
│           └── man
│               └── man8
│                   └── update-ca-certificates.8.gz
└── ca-certificates_20141019+deb8u3_all.deb
You can see by the names that the package has human readable examples, scripts, and other information that may be helpful.

So read them.

Like I posted above, I don't have a K4 running on which to invent a set of key-stroke by key-stroke directions for you.

Note:
If your archive tool can't un-archive a *.deb package -
They are just an ar archive that contain other archives (you will recognize them by name).
knc1 is offline   Reply With Quote
Advert
Old 05-22-2017, 01:05 PM   #47
mergen3107
Enthusiast
mergen3107 began at the beginning.
 
mergen3107's Avatar
 
Posts: 31
Karma: 12
Join Date: Feb 2012
Location: Cape Canaveral
Device: Kindle 4 NT Black 4.1.3; Kindle Touch 5.3.7.3
Thank you knc1! I'll try
mergen3107 is offline   Reply With Quote
Old 05-22-2017, 02:46 PM   #48
knc1
Ex-Helpdesk Addict
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 13,555
Karma: 14443163
Join Date: Feb 2012
Location: Central Texas
Device: No PW2, KV, KOA
Quote:
Originally Posted by mergen3107 View Post
Thank you knc1! I'll try
You should probably check what certificate chain is being sent by the site you are having trouble with (easier from your pc than from Kindle, but this will work from Kindle also).

Then see if the required root certificate (the one not in the chain) is in the collection of root certificates.
No sense in going to all of that work if it isn't going to fix the problem.
Note: Sometime servers are configured to not send all intermediate certificates, which is wrong, but what can you do? (unless you are the server admin )

Ref:
https://langui.sh/2009/03/14/checkin...-with-openssl/

A worked example, just substitute the domain name you are having trouble with:
(If your PC does not have OpenSSL installed, discard it, it is a junk system your Kindle does have it installed.)

Spoiler:

Code:
~ $ openssl s_client -showcerts -connect www.amazon.com:443
CONNECTED(00000003)
3077437592:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1199:SSL alert number 40
3077437592:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:595:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1495477646
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
core2quad ~ $ openssl s_client -showcerts -tls1 -connect www.amazon.com:443
CONNECTED(00000003)
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=www.amazon.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
-----BEGIN CERTIFICATE-----
MIIGmzCCBYOgAwIBAgIQHUq9qnjQmv55nUG863p2YjANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MTAzMTAwMDAwMFoX
DTE3MTIzMTIzNTk1OVowaDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0
b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x
FzAVBgNVBAMMDnd3dy5hbWF6b24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAwlooZ3Wf+B8c1nTZj/14wCPIjyhcOV5ytEZQDbtftWixOxTpG2Sl
k2GI1pztESpopBmbY/haM5YNWDYDHr01AQvzAqwsNyz5sX4rytkIEWI92DomKbvx
QKry0m0Zuj9MzabZb2vHb0dbWwUl2yXn5nlfHJSfmD0TS3UFNaQzXExFnlKU/i7V
omLEB/O9OtfJ0V2XZzbzOx3RfvTy5wmn4AxCC7nGRklNBKVa+npRl0zj+loyCaM+
AF5YV9ZbURIuxYiZOW3u2a66VzYwCRa2EdtIbPALO/dSrFNAuaAhKqpFN0OB42d1
6IWUOKiMiHDJL512YAJJBmfQPI7fVQtXJwIDAQABo4IDKTCCAyUwgdQGA1UdEQSB
zDCByYIKYW1hem9uLmNvbYIIYW16bi5jb22CEXVlZGF0YS5hbWF6b24uY29tgg11
cy5hbWF6b24uY29tgg53d3cuYW1hem9uLmNvbYIMd3d3LmFtem4uY29tghRjb3Jw
b3JhdGUuYW1hem9uLmNvbYIRYnV5Ym94LmFtYXpvbi5jb22CEWlwaG9uZS5hbWF6
b24uY29tgg15cC5hbWF6b24uY29tgg9ob21lLmFtYXpvbi5jb22CFW9yaWdpbi13
d3cuYW1hem9uLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAj
BggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIw
GQwXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RD
FIpgKrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNv
bS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Mu
c3ltY2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNy
dDCCAQYGCisGAQQB1nkCBAIEgfcEgfQA8gB3AN3rHSt6DU+mIIuBrYFocH4ujp0B
1VyIjT0RxM227L7MAAABWBifyfEAAAQDAEgwRgIhAOnxZYIIOlu0L1nvY3+yk8Ay
gYzt3RsoZD1Wcs5Tl+W/AiEArj03tMyYoSa1I25zrqujXDQp5GnMXoI0MHAXINWc
EV0AdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVgYn8oaAAAE
AwBIMEYCIQDRlQQ8KC2R/bvOeWJr0FGedxbjE4OglejZEYKSCHekRQIhALbGyJPw
AagwlRnFD5iqE1ZzSTO6uadnKEazPJcW2sRnMA0GCSqGSIb3DQEBCwUAA4IBAQA6
5KlsAxxtgfs05qV0ywTqM6qGzBkMIgJzJpCh9OR+X+STrfjphnLQlOwIuHxiF0oV
phsf9oYW6TYQimBIKoFpP94WbG2ojsr39YJ6kiDhudt3ef24QnZ3AtnXM5OLVv46
iwZst4TwdwO3/Ialn7ql3sVX7+13yscEXfwfMT0JI1yzl+vZ8tR6bc5X9HqwjuAD
JelImPs/TxshDt3JRhbUuKcFxjaEcEtRqoGemgZgEpRnifUSBvnl01IVzb71DGWu
Bpx0qrpruMAUU1lOJrg/rwQMSXC2lSZDiDn1cjK0z+XLi7x86N/7jW6zKh5RjSgr
r6H7ZhiwtwpJzLsjT1CX
-----END CERTIFICATE-----
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw
CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV
BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs
YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb
A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW
9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu
s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T
L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK
Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T
AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu
Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw
HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg
hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v
Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG
A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E
FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz
Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny
H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W
Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG
QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t
TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY
Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=www.amazon.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
---
SSL handshake has read 3698 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES128-SHA
    Session-ID: C58E762E373E62BEE8A3C3C0FAC6603A9920FAFAEABC5AD2AD7DB736F29CEB90
    Session-ID-ctx: 
    Master-Key: FBB5A672AC618550ADAD2AC310982F87AD5399631D504ED2ED20334DB4A85FEC7C41B03449D9129FA316A2AB8E5F99B8
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
    0000 - 3c c8 ae 09 0c 74 45 f2-a4 59 98 34 5b fb 7b aa   <....tE..Y.4[.{.
    0010 - df aa 04 01 c9 7b f8 20-2e 10 4d bc 59 65 b7 97   .....{. ..M.Ye..
    0020 - 50 b8 89 6d e5 45 52 2b-9e 56 4c e3 67 70 27 b1   P..m.ER+.VL.gp'.
    0030 - f4 17 96 ef 8a 5f 57 e9-6c 94 65 5a 2c 78 31 e7   ....._W.l.eZ,x1.
    0040 - b1 34 dd 55 d6 ab 4e 3d-ed 1e d4 13 6f a3 25 b4   .4.U..N=....o.%.
    0050 - cf aa 08 5b 3b 99 92 dc-04 0c cd e9 96 53 5e d7   ...[;........S^.
    0060 - 12 b4 fb 32 7d 53 fb a4-82 ef cd cd ab 47 50 02   ...2}S.......GP.
    0070 - 32 c4 dd 02 ba f2 55 d7-aa 1d 66 15 fe 5b dc 9b   2.....U...f..[..
    0080 - 03 28 22 3b 48 3b ea bf-b9 54 fb 04 db 76 f9 39   .(";H;...T...v.9
    0090 - 3e 8f 73 d4 45 4c 1b cb-09 32 d5 e3 db ad 4c 82   >.s.EL...2....L.

    Start Time: 1495477711
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

Terminate the session with a ctrl-d

Note the sample above has two attempts, only the second one uses tls1 (which is what that March 2016 update added to your Kindle).
You can see that Amazon is no longer accepting anything other than tls1 (see first attempt in the spoiler - which failed).
knc1 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Legal web site: "Please stop calling Amazon a monopoly" fjtorres General Discussions 44 10-19-2014 05:25 AM
Possible bug: "Aborted" rendering in Web Browser with text boxes arspr Kobo Reader 0 09-27-2014 08:21 AM
Is there any site that can shrink/split web pages for kindle's "basic web"? thanks kocoman Amazon Kindle 1 03-22-2013 06:01 PM
Barnes & Noble mulls Android SDK for Nook, says web browser "if readers want it" sforce News 15 10-22-2009 03:25 AM
Mobileread wins "Best Technology Web Site" award Colin Dunstan Announcements 3 01-04-2006 10:51 AM


All times are GMT -4. The time now is 02:36 PM.


MobileRead.com is a privately owned, operated and funded community.