In lights of CVE-2022-3786 and CVE-2022-3602,
OpenSSL has been downgraded to 1.1.1 for nginx.
I think it's the only public-facing service
using OpenSSL 3 on NixOS unstable at the moment.
Big thanks to Xe and ckie for the guide:
https://xeiaso.net/blog/nixos-nginx-openssl-1.x