There are still a few small things that I plan to fix for 2.3
detect tls protocol failures even earlier (done, just not committed)
better heartbleed detection (done, but I need to clean it up)
add starttls support to smtp/pop3
clean up the way dates are extracted from certs (found a different nicer API to use in OpenSSL, have to implement it)
perhaps: allow OCSP validation with data from stapling
Everything besides cleaning up date extraction is done. And that will take a bit.
Updates are in branch topic/bernhard/even-more-ssl-changes in bro and testing.