OpenSSL released a security advisory on September 22, 2016, describing several vulnerabilities fixed in the newest releases [1].
Most of the vulnerabilities are rated with severity low. One vulnerability CVE-2016-6304 is rated with severity high [2]. Denial of service may be possible by sending an excessively large OCSP Status Request extension and continually triggering renegotiation. Airlock WAF is affected, even if OCSP is not enabled.
Hotfixes are available for Airlock WAF 5.3.1 and 6.0 to update OpenSSL to version 1.0.1u and 1.0.2i (for version 6.0). The criticality of the hotfixes is high.