config: Mitigate upcoming SSL CVE

See https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html As 1.1 is unaffected, this override should be sufficient to evade this problem.
2022-10-31 16:07:41 +00:00 · 2022-10-31 16:07:41 +00:00 · 2304711359
parent 73023b817d
commit 2304711359
1 changed files with 4 additions and 0 deletions
--- a/configuration/default.nix
+++ b/configuration/default.nix
@ -25,6 +25,10 @@
        pkgs = prev;
        lib = prev.lib;
      };
+
+      # Mitigate
+      # https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
+      nginxStable = prev.nginxStable.override {openssl = prev.openssl_1_1;};
    })
  ];