It's easy to make OpenSSL use a lot of memory : sending an incomplete client hello already makes it allocate a lot of buffers. Here we simply release the unused read buffer if the hello is incomplete. That saves about 33kB of memory per session during this phase, and goes down from about 76kB to about 43kB.
--- ./ssl/s23_srvr.c.orig 2014-11-12 17:34:15.869365542 +0100
+++ ./ssl/s23_srvr.c 2014-11-12 17:35:13.537689420 +0100
@@ -268,7 +268,11 @@
 if (!ssl3_setup_read_buffer(s)) goto err;
 n=ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
+ if (n != sizeof buf_space)
+ {
+ ssl3_release_read_buffer(s);
+ return(n); /* n == -1 || n == 0 */
+ }
 p=s->packet;
@@ -473,7 +477,11 @@
 /* We previously read 11 bytes, so if j > 0, we must have
 * j == n+2 == s->packet_length. We have at least 11 valid
 * packet bytes. */
- if (j <= 0) return(j);
+ if (j <= 0)
+ {
+ ssl3_release_read_buffer(s);
+ return(j);
+ }
 ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
 if (s->msg_callback)
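Review bot: Both hunks call ssl3_release_read_buffer() on every short return, including the -1 case, which on a non-blocking socket is the ordinary want-read retry path; if releasing frees the read buffer (and, as in some versions, resets s->packet_length), any bytes already accumulated in s->packet are discarded and the retried handshake no longer sees the beginning of the client hello. The second hunk is the clearer case, since the comment directly above it states that at least 11 valid packet bytes are already held and the retry expects them to still be there; the enclosing function and its state handling lie outside both hunks. Suggest releasing only when nothing is pending: in the first hunk `if (n == 0 || s->packet_length == 0) ssl3_release_read_buffer(s);` and in the second `if (j == 0) ssl3_release_read_buffer(s);`, after confirming that a 0 return here means the peer closed and checking how ssl3_release_read_buffer() treats packet_length. That still bounds per-connection memory for idle incomplete hellos, which is the case the description targets, without breaking clients whose hello arrives in fragments.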