1)Disable TLS Renegotiation - SP 17 takes care of thisWell, apply the patch then.
2)Add the HttpOnly to all cookiesThis is the default in 7.0.12 and later. A workaround is to ask your developers to include that option for all the cookies they generate.
3)Add the Secure flag to cookies sent over SSLAsk your developers to add the secure flag in all their web.xml files
4)Upgrade to latest SSL (I am assuming I can just download and install the latest openssl)The web server uses NSPR and it is updated in SP12+