2019-12-14, 18:03
I used an online SSL test to check which protocols are supported by na.api.amazonvideo.com, and it actually looks like they indeed only support TLS 1.0.
I wasn't comfortable with allowing an insecure version of TLS, system-wide and by default, so I changed the /etc/ssl/openssl.cnf file back and managed to reproduce the error in a python shell, and also to fix it by forcing the session to use TLS 1.0 (using a custom HTTPS adapter). That should make it possible to make the login work without modifying the /etc/ssl/openssl.cnf file from its default so the old TLS is only ever used for this one connection.
Interestingly, however, everything works fine for me now even after changing /etc/ssl/openssl.cnf back to the default - probably that's because I'm already logged in now. I'm guessing na.api.amazonvideo.com is only used for the initial login, and afterwards it connects to a different server in the region (which in my case is not in North America)?
I wasn't comfortable with allowing an insecure version of TLS, system-wide and by default, so I changed the /etc/ssl/openssl.cnf file back and managed to reproduce the error in a python shell, and also to fix it by forcing the session to use TLS 1.0 (using a custom HTTPS adapter). That should make it possible to make the login work without modifying the /etc/ssl/openssl.cnf file from its default so the old TLS is only ever used for this one connection.
Interestingly, however, everything works fine for me now even after changing /etc/ssl/openssl.cnf back to the default - probably that's because I'm already logged in now. I'm guessing na.api.amazonvideo.com is only used for the initial login, and afterwards it connects to a different server in the region (which in my case is not in North America)?