Update openssl to 1.0.1n (?)
http://openssl.org/news/secadv_20150611.txt
It does not look drop-what-you're-doing urgent to me. They added some extra logjam protection against 'small' DH params but IIRC you needed to enable export ciphers to be vulnerable to that in the first place, and we do not ship with export ciphers enabled. The other fixes are 'medium' DoS things.
There is talk about ABI breakage but because we recompile everything during the build we should be fine. http://marc.info/?l=openssl-dev&m=143407129721271&w=2
cc @marin