Peter Avalos has updated OpenSSL, though this version is apparently a bugfix, not a security fix.  Still need it anyway, since it disabled TLS 1.1 in an unexpected way.  See the OpenSSL changelog entry at “[26 Apr 2012]” for details.