ssl firebase nest-api

Trouble with Nest API with Windows XP / Server 2003


It seems that on June 11th, something changed on the Nest servers that prevents my software from running properly on Windows XP / Windows Server 2003.

I don't know what changed exactly, but now none of the TLS ciphers supported on Win XP are accepted by the Nest servers.

I tested all of them using curl:

curl -v --tlsv1 --ciphers EXP-RC4-MD5 https://firebase-apiserver05-tah01-iad01.dapi.production.nest.com:9553/devices.json?auth=<my_token>
* About to connect() to firebase-apiserver05-tah01-iad01.dapi.production.nest.com port 9553 (#0)
*   Trying 54.196.73.38... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to firebase-apiserver05-tah01-iad01.dapi.production.nest.com:9553
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to firebase-apiserver05-tah01-iad01.dapi.production.nest.com:9553

If someone from Nest is reading this, would it be possible to enable at least one of the ciphers supported by Win XP?

Alternatively, is there a way to have more ciphers supported by SChannel in Win XP? For example, AES128-SHA works with the Nest servers using curl.


Solution

  • Windows XP support ended in April last year (2014) and Windows Server 2003 support ends in a few days (14 July 2015). As a result, they are limited to supporting older and less secure protocols/ciphers.

    I think you are out of luck with this one. If you had to, I guess you could proxy the requests from legacy clients via another API that does support the less secure combinations of protocols/ciphers and then forward those requests to Nest. I wouldn't recommend it, however.

    Just make sure you consider any possible security ramifications.
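
The cipher-by-cipher curl test described in the question can be scripted so that a server-side rejection is told apart from a cipher the local curl build cannot offer at all. This is an added example, not code from the original post or answer; the function names are hypothetical, and the cipher list is whatever the caller passes in.

```shell
#!/bin/sh
# Added example: probe which cipher suites a TLS endpoint will negotiate,
# using the same curl options as the question (--tlsv1 --ciphers NAME).
# Usage (HOST and PORT are placeholders; cipher names are the two on the page):
#   probe_ciphers https://HOST:PORT/devices.json EXP-RC4-MD5 AES128-SHA

# classify_rc RC: map a curl exit status to a verdict.
classify_rc() {
    case "$1" in
        0)      echo accepted ;;             # handshake done, HTTP reply received
        35)     echo rejected ;;             # SSL connect error, as in the question
        59)     echo unsupported-locally ;;  # this curl/TLS library cannot use it
        6|7|28) echo unreachable ;;          # DNS failure, connect failure, timeout
        *)      echo "error-$1" ;;
    esac
}

# probe_ciphers URL CIPHER...: print "CIPHER VERDICT", one line per cipher.
# No -f is passed, so an HTTP 401/403 still counts as a completed handshake.
probe_ciphers() {
    url=$1
    shift
    for cipher in "$@"; do
        rc=0
        curl -s -o /dev/null --tlsv1 --ciphers "$cipher" \
             --connect-timeout 5 --max-time 15 "$url" || rc=$?
        printf '%s %s\n' "$cipher" "$(classify_rc "$rc")"
    done
}

# accepted_ciphers URL CIPHER...: print only the ciphers the server accepted.
accepted_ciphers() {
    probe_ciphers "$@" | awk '$2 == "accepted" { print $1 }'
}
```

A verdict of `unsupported-locally` means the test machine's TLS library has dropped that legacy suite, so the result says nothing about the server.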