SSL fuzzing seems like it could be a really profitable area of research. I wonder why there aren't better conformance testing tools for SSL (other than SSL being kind of hideously baroque).