I've put up an example of how the OpenSSL msg_callback capability can be used in an application to detect (and to block the connection by forcing a close of the connection) independent of the OpenSSL library code.
The preferred approach is always to upgrade to a patched release - but if you are unsure if your release is patched or you don't have sufficient access to install patched libraries on your system this option is a way to handle it. https://gist.github.com/t-j-h/11337380 The code fragment is shows an example msg_callback and there is a block at the end showing how to plug it into your application. Tim. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org