From 2304711359ff33551d00bc6a90ac1bd88a06ad68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
 <tristan.maat@codethink.co.uk>
Date: Mon, 31 Oct 2022 16:07:41 +0000
Subject: [PATCH] config: Mitigate upcoming SSL CVE

See
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html

As 1.1 is unaffected, this override should be sufficient to evade this
problem.
---
 configuration/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/configuration/default.nix b/configuration/default.nix
index f5d68fb..9c0ce68 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -25,6 +25,10 @@
         pkgs = prev;
         lib = prev.lib;
       };
+
+      # Mitigate
+      # https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
+      nginxStable = prev.nginxStable.override {openssl = prev.openssl_1_1;};
     })
   ];