First off, thanks to all who contributed to this thread. I must admit I did not understand much of it; however, as someone plagued by this bug (we have a bunch of CherryPy REST servers talking to iOS and Android clients and have seen a lot of those fallback errors), I must admit I'm a bit at a loss on how to proceed here with regard to the future.
Yes, I have downgraded my libssl to deb7u12; however, I wonder if the OpenSSL team or Debian or anyone capable of fixing this issue for good in future OpenSSL releases is aware of what we found here. How to proceed? Especially in light of a new Debian release (not sure whether I can downgrade to deb7u12 on jessie...).
Best regards,
Michael Lauer.