From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail-b.sr.ht; dkim=pass header.d=disroot.org header.i=@disroot.org Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) by mail-b.sr.ht (Postfix) with ESMTPS id 4E82011EF61 for <~cnx/loang@lists.sr.ht>; Tue, 1 Nov 2022 16:24:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 36DA7412FF for <~cnx/loang@lists.sr.ht>; Tue, 1 Nov 2022 17:24:08 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DE9Ipxaw0IZL for <~cnx/loang@lists.sr.ht>; Tue, 1 Nov 2022 17:24:06 +0100 (CET) Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1667319846; bh=vZcFNAIa+Bd34Y8ZQtvbyQGPgJYcCetopBPvB5x7cuc=; h=Date:From:Subject:To; b=fOd/OhR+a4McqhU9WqYLq0/CGsH5eqexwizYIOMXg120/UgQgsHwXkMqyfiWLEi/i 2vguWuieOegmTPcNAYfEMclqNQ7X0PI1W8bsqo/eB286B+EiKgQxCgL8SbFtkBCoau kbAV9Kdq5ctdxRPRSBoo6I4OkbuOfNPZ8UsU5TNJ6G/alWd7glpahgquEtrnYdH005 QZBSPVePJ4vvk2DBtKRDdwE3mWvZe9qWAgekpklw+OlJFG6hVZVr3V+CvnuQFmk4em LbEFJsdhmMZ86Tj+dK0PyMMNiGQZnWZyomuu1e6aHHG5D3z4Ux3plkGfhrSWgC1IQq G0f1beRIDitiw== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Wed, 02 Nov 2022 01:24:01 +0900 Message-Id: From: =?utf-8?q?Nguy=E1=BB=85n_Gia_Phong?= Subject: OpenSSL temporary downgraded to 1.1.1 To: <~cnx/loang@lists.sr.ht> In lights of CVE-2022-3786 and CVE-2022-3602, OpenSSL has been downgraded to 1.1.1 for nginx. I think it's the only public-facing service using OpenSSL 3 on NixOS unstable at the moment. Big thanks to Xe and ckie for the guide: https://xeiaso.net/blog/nixos-nginx-openssl-1.x