From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mail-b.sr.ht; dkim=pass header.d=disroot.org header.i=@disroot.org
Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139])
	by mail-b.sr.ht (Postfix) with ESMTPS id 4E82011EF61
	for <~cnx/loang@lists.sr.ht>; Tue,  1 Nov 2022 16:24:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by disroot.org (Postfix) with ESMTP id 36DA7412FF
	for <~cnx/loang@lists.sr.ht>; Tue,  1 Nov 2022 17:24:08 +0100 (CET)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from knopi.disroot.org ([127.0.0.1])
	by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id DE9Ipxaw0IZL for <~cnx/loang@lists.sr.ht>;
	Tue,  1 Nov 2022 17:24:06 +0100 (CET)
Mime-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
	t=1667319846; bh=vZcFNAIa+Bd34Y8ZQtvbyQGPgJYcCetopBPvB5x7cuc=;
	h=Date:From:Subject:To;
	b=fOd/OhR+a4McqhU9WqYLq0/CGsH5eqexwizYIOMXg120/UgQgsHwXkMqyfiWLEi/i
	 2vguWuieOegmTPcNAYfEMclqNQ7X0PI1W8bsqo/eB286B+EiKgQxCgL8SbFtkBCoau
	 kbAV9Kdq5ctdxRPRSBoo6I4OkbuOfNPZ8UsU5TNJ6G/alWd7glpahgquEtrnYdH005
	 QZBSPVePJ4vvk2DBtKRDdwE3mWvZe9qWAgekpklw+OlJFG6hVZVr3V+CvnuQFmk4em
	 LbEFJsdhmMZ86Tj+dK0PyMMNiGQZnWZyomuu1e6aHHG5D3z4Ux3plkGfhrSWgC1IQq
	 G0f1beRIDitiw==
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date: Wed, 02 Nov 2022 01:24:01 +0900
Message-Id: <CO13K12QHLNO.3F8SSS9EXVKXX@nix>
From: =?utf-8?q?Nguy=E1=BB=85n_Gia_Phong?= <mcsinyx@disroot.org>
Subject: OpenSSL temporary downgraded to 1.1.1
To: <~cnx/loang@lists.sr.ht>

In lights of CVE-2022-3786 and CVE-2022-3602,
OpenSSL has been downgraded to 1.1.1 for nginx.
I think it's the only public-facing service
using OpenSSL 3 on NixOS unstable at the moment.

Big thanks to Xe and ckie for the guide:
https://xeiaso.net/blog/nixos-nginx-openssl-1.x