
[Suggestion] Amazon should expand the offered ciphers when connecting to custom endpoints

When using a custom endpoint for hosting an Alexa skill, every time the skill is activated, Amazon (acting as a client) starts a TLS connection and offers a set of possible TLS v1.2 ciphers to the endpoint:


Notice, however, that all these ciphers are CBC.

The problem is that the recommended set of ciphers for servers to accept only includes GCM ciphers (which is a good thing, as explained here).

So... if possible, it would be nice to update the Alexa client to also include all GCM variants of the ciphers.


PS: I found this problem when trying to deploy my own endpoint using a default nginx reverse proxy configuration. So this is actually something that can happen, and not some crazy scenario (also, it was a pain in the ass to debug :P )

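One way to debug the mismatch described in the question is to read the cipher suite list straight out of a captured ClientHello and compare it with what the server accepts. The following is an added example, not part of the original post or of any Amazon code: the helper names (`offered_suites`, `diagnose`, `build_hello`) are hypothetical, the suite IDs are the IANA-assigned values, and the ClientHello is constructed for the demo because the post's actual cipher list is not reproduced on this page.

```python
import struct

# IANA TLS cipher suite IDs (small subset, enough for this check)
SUITES = {
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def offered_suites(record):
    """Return the cipher suite IDs listed in a TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]          # skip the session_id vector
    if pos + 2 > len(record):
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or pos + n > len(record):
        raise ValueError("truncated or malformed cipher_suites vector")
    return [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]

def diagnose(record, server_accepts):
    """Compare what the client offers with the IDs the server accepts."""
    offered = offered_suites(record)
    names = [SUITES.get(s, f"0x{s:04X}") for s in offered]
    return {
        "offered": names,
        "cbc_only": bool(names) and all("_CBC_" in n for n in names),
        "shared": [n for s, n in zip(offered, names) if s in server_accepts],
    }

def build_hello(suites):
    """Constructed minimal ClientHello (no extensions), for the demo only."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # TLS 1.2, zero random, no session
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    hello = build_hello([0xC027, 0xC028, 0xC013, 0xC014])    # constructed CBC-only offer
    print(diagnose(hello, server_accepts={0xC02F, 0xC030}))  # GCM-only server
```

An empty `shared` list is the condition under which the server aborts the handshake with no common cipher, which is what a GCM-only reverse proxy does when the client offers only CBC suites.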

Gaetano@Amazon answered

Hello,

Thanks for the great suggestion.

I'd suggest posting this as a feature request in Uservoice for Alexa over here.

Regards,

Gaetano


newuser-c80b6e8f-45dc-4219-85f9-55ab5411ce85 answered

For anyone reading this 23.04.2021 or onwards: Newer ciphers like GCM are supported. Another reason for connection issues can be wildcard certificates, which need to be specifically allowed in "build => endpoint => service endpoint type => HTTPS"

[...] is a sub-domain of a domain that has a wildcard certificate [...]

Best Regards
