untrusted comment: signature from openbsd 6.0 base secret key
RWSho3oKSqgLQxiq51WTIK3qrNKc5AWhXdPYQuvyLDUcT1XyY0eMjaeMElPHQNTmLhh71i2s2ioVSx7VX+y78HVn9KT09SJItA4=

OpenBSD 6.0 errata 022, May 7, 2017:

Incorrect DTLS cookie handling can result in a NULL pointer dereference.

Apply by doing:
    signify -Vep /etc/signify/openbsd-60-base.pub -x 022_libssl.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install libssl:
	cd /usr/src/lib/libssl/ssl
	make obj
	make depend
	make
	make install

Index: lib/libssl/src/ssl/s3_srvr.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/Attic/s3_srvr.c,v
retrieving revision 1.126.2.1
retrieving revision 1.126.2.2
diff -u -p -r1.126.2.1 -r1.126.2.2
--- lib/libssl/src/ssl/s3_srvr.c	3 Oct 2016 11:23:13 -0000	1.126.2.1
+++ lib/libssl/src/ssl/s3_srvr.c	30 Apr 2017 00:06:09 -0000	1.126.2.2
@@ -721,7 +721,7 @@ ssl3_send_hello_request(SSL *s)
 int
 ssl3_get_client_hello(SSL *s)
 {
-	int i, j, ok, al, ret = -1;
+	int i, j, ok, al, ret = -1, cookie_valid = 0;
 	unsigned int cookie_len;
 	long n;
 	unsigned long id;
@@ -887,7 +887,7 @@ ssl3_get_client_hello(SSL *s)
 				goto f_err;
 			}
 
-			ret = 2;
+			cookie_valid = 1;
 		}
 
 		p += cookie_len;
@@ -1070,8 +1070,8 @@ ssl3_get_client_hello(SSL *s)
 		goto err;
 	}
 
-	if (ret < 0)
-		ret = 1;
+	ret = cookie_valid ? 2 : 1;
+
 	if (0) {
 truncated:
 		al = SSL_AD_DECODE_ERROR;