The flaw, which only affects the SSL 3.0 protocol, makes traffic vulnerable to man-in-the-middle attacks. We have dropped support for SSL 3.0 on fsf.org and gnu.org until a fix is released.

SSL 3.0 is nearly two decades old so most users will not be impacted by this change as we will continue to support modern encryption protocols. Older Web browsers without support for TLS 1.0 or later may have trouble connecting to our websites using a secure http connection (https).

A summary of CVE-2014-3566 can be found on the National Vulnerability Database.

The OpenSSL project has also produced a technical report (PDF) on the vulnerability.