finally openssl released a version with the new safe tls renegotiation feature implemented. Seems apache requires some adjustment and a release is going to happen within the next days: http://marc.info/?l=apache-httpd-dev&m=126713381215103&w=2 So I'm cc-ing apache.
0.9.8m now in the tree