Well, the issue seems to be beyond just expired certs - it looks like it's also related to deprecated methods of doing SSL, which would require newer versions of SSL libraries, which in turn require newer versions of other libraries, etc etc. This new replacement libraries may then break other parts of the firmware, which would then require updating, and their dependencies would require updates, and so on. This issue could theoretically cascade to a "can't be done" level if it ultimately requires a kernel update, since the specific drivers provided by the SoC manufacturers are tied to very specific kernel versions.
Any changes to basic libraries would require rebuilding the firmware build systems, which have been hibernated for years. They pulled source files from SVN repos that no longer exist (we use git nowadays) so those would also have to be rebuilt from archives.
We'd have to do this for all four devices we're currently supporting. If we ever find a way to support dash through a hack, then it would all be moot, since it is impossible for us to replace that firmware.