Our openssl has been updated to version 0.9.8l which works around CVE-2009-3555 (see for instance http://extendedsubset.com/ or http://www.securityfocus.com/bid/36935). The vulnerability allows data injection by man-in-the-middle attackers, so you are advised to upgrade to the latest version by installing a current world and rebuilding any binaries that are linked statically against openssl. SSH is not affected.
The new openssl has also been merged into the 2.4 release branch. If you are running 2.4 or 2.4.1, you can git clone $mirror git checkout origin/DragonFly_RELEASE_2_4 make buildworld make buildkernel make installkernel make installworld make upgrade and restart all daemons that rely on openssl (you can do that by rebooting the machine if you are not sure which those are). Aggelos