From 3c88786bb0d2c10a04ab991472224aa492d15aee Mon Sep 17 00:00:00 2001
From: Bart <bthomee@users.noreply.github.com>
Date: Fri, 10 Oct 2025 10:18:24 -0400
Subject: [PATCH] refactor: Downgrades OpenSSL to 3.5.4 (#5878)

This change downgrades OpenSSL 3.6.0 to 3.5.4. To avoid potential zero-day issues in a new major version of OpenSSL, 3.6.0, it is safer to stick with 3.5.4. While 3.6.0 has some nice new features, such as improved SHA512 hashing, it also introduces new features that could contain bugs. In contrast, 3.5.4 has seen quite a few bug fixes over 3.5.0 and has been used in the wild for a while now.
---
 conan.lock   | 2 +-
 conanfile.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/conan.lock b/conan.lock
index 9f52c606a7..cb25777423 100644
--- a/conan.lock
+++ b/conan.lock
@@ -9,7 +9,7 @@
         "rocksdb/10.0.1#85537f46e538974d67da0c3977de48ac%1756234304.347",
         "re2/20230301#dfd6e2bf050eb90ddd8729cfb4c844a4%1756234257.976",
         "protobuf/3.21.12#d927114e28de9f4691a6bbcdd9a529d1%1756234251.614",
-        "openssl/3.6.0#89e8af1d4a21afcac0557079d23d8890%1759746682.365",
+        "openssl/3.5.4#a1d5835cc6ed5c5b8f3cd5b9b5d24205%1759746684.671",
         "nudb/2.0.9#c62cfd501e57055a7e0d8ee3d5e5427d%1756234237.107",
         "lz4/1.10.0#59fc63cac7f10fbe8e05c7e62c2f3504%1756234228.999",
         "libiconv/1.17#1e65319e945f2d31941a9d28cc13c058%1756223727.64",
diff --git a/conanfile.py b/conanfile.py
index 4cd9bd3c5a..7f8ab24fbd 100644
--- a/conanfile.py
+++ b/conanfile.py
@@ -27,7 +27,7 @@ class Xrpl(ConanFile):
         'grpc/1.50.1',
         'libarchive/3.8.1',
         'nudb/2.0.9',
-        'openssl/3.6.0',
+        'openssl/3.5.4',
         'soci/4.0.3',
         'zlib/1.3.1',
     ]