Hi. Just to warn, the security update to 1.1.1d-0+deb10u1 broke our openssl to a bank. We use sury.org for PHP versions in ISPconfig. Error like: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small Pinning to 1.1.1c-1+0~20190710.13+debian10~1.gbp359e02 fixed the bank problem. apt install openssl=1.1.1c-1+0~20190710.13+debian10~1.gbp359e02 nano /etc/apt/preferences.d/openssl #add Package: openssl Pin: version 1.1.1c-1+0~20190710.13+debian10~1.gbp359e02 Pin-Priority: 999 So now wait for sury.org updates openssl to 1.1.1d. I did email Ondrej Sury.
Fixed by sury.org new openssl: 1.1.1d-1+0~20191009.15+debian10~1.gbpd6badf So pin this new file so Debian do not overwrite by mistake. Was for Swish bankservice: https://www.getswish.se/
Better to pin to this: Pin: release o=deb.sury.org Then check 2 last lines when running apt policy Should show: Pinned package: openssl -> 1.1.1d-1+0~20191009.15+debian10~1.gbpd6badf with priority 999