Today, OpenSSL published security advisory Padding Oracle Attack (CVE-2016-2107) a high-serverity flaw.

This security flaw allows a man-in-the-middle (MITM) attacker to initiate Paddin Oracle Attack that can decrypt HTTPS traffic with AES-CBC cipher.