OpenSSL is vulnerable to an ECDSA P-256 timing attack. Please see the tracker bug 605414 for more details.
Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 $ git tag --contains 8aed2a7548362e88e84a7feb795a3a97e8395008 | sort -u OpenSSL_1_0_2 OpenSSL_1_0_2a OpenSSL_1_0_2b OpenSSL_1_0_2-beta3 OpenSSL_1_0_2c OpenSSL_1_0_2d OpenSSL_1_0_2e OpenSSL_1_0_2f OpenSSL_1_0_2g OpenSSL_1_0_2h OpenSSL_1_0_2i OpenSSL_1_0_2j Version in repository: 1.0.2j Repository is clean, nothing left to do.