diff --git a/CHANGELOG b/CHANGELOG index 9dfe692..4b4867e 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,11 @@ -------------------------------------------------------------------------------- +LuaSec 0.4.1 +------------ +- SSL options updated --- based on OpenSSL 1.0.0d. +- Activate SSL_MODE_RELEASE_BUFFERS by default if it is available. + (thanks Prosody project) + +--------------------------------------------------------------------------------- LuaSec 0.4 ------------ - Add option 'no_ticket' (included in OpenSSL 0.9.8f). diff --git a/INSTALL b/INSTALL index faa0436..b65aa7e 100644 --- a/INSTALL +++ b/INSTALL @@ -1,4 +1,4 @@ -LuaSec 0.4 +LuaSec 0.4.1 ------------ * On Linux, BSD, and Mac OS X: diff --git a/LICENSE b/LICENSE index 07b8826..ec56917 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ -LuaSec 0.4 license -Copyright (C) 2006-2009 Bruno Silvestre, PUC-Rio +LuaSec 0.4.1 license +Copyright (C) 2006-2011 Bruno Silvestre, PUC-Rio Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/src/buffer.c b/src/buffer.c index 673fd6f..8e755be 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -195,7 +195,7 @@ static int recvline(p_buffer buf, luaL_Buffer *b) { pos = 0; while (pos < count && data[pos] != '\n') { /* we ignore all \r's */ - if (data[pos] != '\r') luaL_putchar(b, data[pos]); + if (data[pos] != '\r') luaL_addchar(b, data[pos]); pos++; } if (pos < count) { /* found '\n' */ diff --git a/src/context.c b/src/context.c index 416b504..53e3d3a 100644 --- a/src/context.c +++ b/src/context.c @@ -1,6 +1,6 @@ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ 
@@ -12,52 +12,7 @@ #include #include "context.h" - -struct ssl_option_s { - const char *name; - unsigned long code; -}; -typedef struct ssl_option_s ssl_option_t; - - -static ssl_option_t ssl_options[] = { - /* OpenSSL 0.9.7 and 0.9.8 */ - {"all", SSL_OP_ALL}, - {"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE}, - {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, - {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, - {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG}, - {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG}, - {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, - {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG}, - {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING}, - {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, - {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, - {"no_session_resumption_on_renegotiation", - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, - {"no_sslv2", SSL_OP_NO_SSLv2}, - {"no_sslv3", SSL_OP_NO_SSLv3}, - {"no_tlsv1", SSL_OP_NO_TLSv1}, - {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, - {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, - {"single_dh_use", SSL_OP_SINGLE_DH_USE}, - {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, - {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, - {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG}, - {"tls_d5_bug", SSL_OP_TLS_D5_BUG}, - {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG}, - /* OpenSSL 0.9.8 only */ -#if OPENSSL_VERSION_NUMBER > 0x00908000L - {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE}, - {"no_query_mtu", SSL_OP_NO_QUERY_MTU}, - {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE}, -#endif - /* OpenSSL 0.9.8f and above */ -#if defined(SSL_OP_NO_TICKET) - {"no_ticket", SSL_OP_NO_TICKET}, -#endif - {NULL, 0L} -}; +#include "options.h" /*--------------------------- Auxiliary Functions ----------------------------*/ 
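Review bot: The added `#include "options.h"` only yields a populated table if the OpenSSL headers have already been processed, because every entry in that header is wrapped in `#if defined(SSL_OP_...)`. If it is included too early, the table compiles down to the `{NULL, 0L}` sentinel with no diagnostic, and hardening names such as `no_sslv2` or `no_ticket` would stop resolving. Here it follows `context.h`, which presumably pulls in OpenSSL (the two bare `#include` lines above it lost their targets in this rendering), so it works today but depends on include order. Making options.h self-contained, with `#include <openssl/ssl.h>` at its top and an include guard like the other headers, removes that dependency. The lookup that consumes `ssl_options` is outside this hunk, so it is worth confirming that an unknown option name is reported as an error rather than skipped.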
diff --git a/src/context.h b/src/context.h index 93470bd..902311a 100644 --- a/src/context.h +++ b/src/context.h @@ -2,8 +2,8 @@ #define __CONTEXT_H__ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff --git a/src/https.lua b/src/https.lua index 19c19fe..00a7e5b 100644 --- a/src/https.lua +++ b/src/https.lua @@ -1,6 +1,6 @@ ---------------------------------------------------------------------------- --- LuaSec 0.4 --- Copyright (C) 2009 PUC-Rio +-- LuaSec 0.4.1 +-- Copyright (C) 2009-2011 PUC-Rio -- -- Author: Pablo Musa -- Author: Tomas Guisasola @@ -22,8 +22,8 @@ local getmetatable = getmetatable module("ssl.https") -_VERSION = "0.4" -_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2009 PUC-Rio" +_VERSION = "0.4.1" +_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2009-2011 PUC-Rio" -- Default settings PORT = 443 diff --git a/src/options.h b/src/options.h new file mode 100644 index 0000000..c260d46 --- /dev/null +++ b/src/options.h 
@@ -0,0 +1,163 @@ +/*-------------------------------------------------------------------------- + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre + * + *--------------------------------------------------------------------------*/ + +struct ssl_option_s { + const char *name; + unsigned long code; +}; +typedef struct ssl_option_s ssl_option_t; + +/* +-- Supported SSL options and script in Lua 5.1 to generate the file. +-- Ugly, but easier to maintain. + +local options = [[ +SSL_OP_ALL +SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION +SSL_OP_CIPHER_SERVER_PREFERENCE +SSL_OP_CISCO_ANYCONNECT +SSL_OP_COOKIE_EXCHANGE +SSL_OP_CRYPTOPRO_TLSEXT_BUG +SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS +SSL_OP_EPHEMERAL_RSA +SSL_OP_LEGACY_SERVER_CONNECT +SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER +SSL_OP_MICROSOFT_SESS_ID_BUG +SSL_OP_MSIE_SSLV2_RSA_PADDING +SSL_OP_NETSCAPE_CA_DN_BUG +SSL_OP_NETSCAPE_CHALLENGE_BUG +SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG +SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG +SSL_OP_NO_COMPRESSION +SSL_OP_NO_QUERY_MTU +SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_NO_TICKET +SSL_OP_NO_TLSv1 +SSL_OP_PKCS1_CHECK_1 +SSL_OP_PKCS1_CHECK_2 +SSL_OP_SINGLE_DH_USE +SSL_OP_SINGLE_ECDH_USE +SSL_OP_SSLEAY_080_CLIENT_DH_BUG +SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG +SSL_OP_TLS_BLOCK_PADDING_BUG +SSL_OP_TLS_D5_BUG +SSL_OP_TLS_ROLLBACK_BUG +]] + +print([[static ssl_option_t ssl_options[] = {]]) + +for option in string.gmatch(options, "(%S+)") do + local name = string.lower(string.sub(option, 8)) + print(string.format([[#if defined(%s)]], option)) + print(string.format([[ {"%s", %s},]], name, option)) + print([[#endif]]) +end + +print([[ {NULL, 0L}]]) +print([[};]]) +*/ + +static ssl_option_t ssl_options[] = { +#if defined(SSL_OP_ALL) + {"all", SSL_OP_ALL}, +#endif +#if defined(SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) + {"allow_unsafe_legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION}, +#endif +#if defined(SSL_OP_CIPHER_SERVER_PREFERENCE) + 
{"cipher_server_preference", SSL_OP_CIPHER_SERVER_PREFERENCE}, +#endif +#if defined(SSL_OP_CISCO_ANYCONNECT) + {"cisco_anyconnect", SSL_OP_CISCO_ANYCONNECT}, +#endif +#if defined(SSL_OP_COOKIE_EXCHANGE) + {"cookie_exchange", SSL_OP_COOKIE_EXCHANGE}, +#endif +#if defined(SSL_OP_CRYPTOPRO_TLSEXT_BUG) + {"cryptopro_tlsext_bug", SSL_OP_CRYPTOPRO_TLSEXT_BUG}, +#endif +#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) + {"dont_insert_empty_fragments", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS}, +#endif +#if defined(SSL_OP_EPHEMERAL_RSA) + {"ephemeral_rsa", SSL_OP_EPHEMERAL_RSA}, +#endif +#if defined(SSL_OP_LEGACY_SERVER_CONNECT) + {"legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT}, +#endif +#if defined(SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) + {"microsoft_big_sslv3_buffer", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER}, +#endif +#if defined(SSL_OP_MICROSOFT_SESS_ID_BUG) + {"microsoft_sess_id_bug", SSL_OP_MICROSOFT_SESS_ID_BUG}, +#endif +#if defined(SSL_OP_MSIE_SSLV2_RSA_PADDING) + {"msie_sslv2_rsa_padding", SSL_OP_MSIE_SSLV2_RSA_PADDING}, +#endif +#if defined(SSL_OP_NETSCAPE_CA_DN_BUG) + {"netscape_ca_dn_bug", SSL_OP_NETSCAPE_CA_DN_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_CHALLENGE_BUG) + {"netscape_challenge_bug", SSL_OP_NETSCAPE_CHALLENGE_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) + {"netscape_demo_cipher_change_bug", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG}, +#endif +#if defined(SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) + {"netscape_reuse_cipher_change_bug", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG}, +#endif +#if defined(SSL_OP_NO_COMPRESSION) + {"no_compression", SSL_OP_NO_COMPRESSION}, +#endif +#if defined(SSL_OP_NO_QUERY_MTU) + {"no_query_mtu", SSL_OP_NO_QUERY_MTU}, +#endif +#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) + {"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION}, +#endif +#if defined(SSL_OP_NO_SSLv2) + {"no_sslv2", SSL_OP_NO_SSLv2}, +#endif +#if defined(SSL_OP_NO_SSLv3) + {"no_sslv3", 
SSL_OP_NO_SSLv3}, +#endif +#if defined(SSL_OP_NO_TICKET) + {"no_ticket", SSL_OP_NO_TICKET}, +#endif +#if defined(SSL_OP_NO_TLSv1) + {"no_tlsv1", SSL_OP_NO_TLSv1}, +#endif +#if defined(SSL_OP_PKCS1_CHECK_1) + {"pkcs1_check_1", SSL_OP_PKCS1_CHECK_1}, +#endif +#if defined(SSL_OP_PKCS1_CHECK_2) + {"pkcs1_check_2", SSL_OP_PKCS1_CHECK_2}, +#endif +#if defined(SSL_OP_SINGLE_DH_USE) + {"single_dh_use", SSL_OP_SINGLE_DH_USE}, +#endif +#if defined(SSL_OP_SINGLE_ECDH_USE) + {"single_ecdh_use", SSL_OP_SINGLE_ECDH_USE}, +#endif +#if defined(SSL_OP_SSLEAY_080_CLIENT_DH_BUG) + {"ssleay_080_client_dh_bug", SSL_OP_SSLEAY_080_CLIENT_DH_BUG}, +#endif +#if defined(SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG) + {"sslref2_reuse_cert_type_bug", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG}, +#endif +#if defined(SSL_OP_TLS_BLOCK_PADDING_BUG) + {"tls_block_padding_bug", SSL_OP_TLS_BLOCK_PADDING_BUG}, +#endif +#if defined(SSL_OP_TLS_D5_BUG) + {"tls_d5_bug", SSL_OP_TLS_D5_BUG}, +#endif +#if defined(SSL_OP_TLS_ROLLBACK_BUG) + {"tls_rollback_bug", SSL_OP_TLS_ROLLBACK_BUG}, +#endif + {NULL, 0L} +}; diff --git a/src/ssl.c b/src/ssl.c index 4058c97..bb5bbc7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ @@ -220,6 +220,9 @@ static int meth_create(lua_State *L) SSL_set_fd(ssl->ssl, (int) SOCKET_INVALID); SSL_set_mode(ssl->ssl, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#if defined(SSL_MODE_RELEASE_BUFFERS) + SSL_set_mode(ssl->ssl, SSL_MODE_RELEASE_BUFFERS); +#endif if (mode == MD_CTX_SERVER) SSL_set_accept_state(ssl->ssl); else diff --git a/src/ssl.h b/src/ssl.h index d504f71..a3e4d25 100644 --- a/src/ssl.h +++ b/src/ssl.h 
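Review bot: The generated table now exposes `allow_unsafe_legacy_renegotiation` and `legacy_server_connect` next to hardening flags such as `no_sslv2` and `no_compression`, and nothing in the header tells a reader which names relax a protection and which tighten one. Both new names loosen the secure-renegotiation (RFC 5746) checks, so a configuration that copies the whole list would weaken the connection. I would add a comment above the Lua option list, for example `/* NOTE: SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION and SSL_OP_LEGACY_SERVER_CONNECT relax secure-renegotiation checks; enable only for interoperability with unpatched peers. */`. Because each entry is emitted under `#if defined(...)`, the set of accepted names also varies with the OpenSSL version built against, which deserves a sentence in the same comment.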
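Review bot: `SSL_MODE_RELEASE_BUFFERS` is switched on for every connection created in `meth_create` whenever the macro exists, and neither the script nor the packager can opt out. This mode changes how the library frees and reallocates its per-connection read/write buffers, and OpenSSL 1.0.x releases later received fixes for memory-safety defects reachable only with it set, so an unconditional default ties LuaSec users to the patch level of the linked library. I would make it overridable at build time, e.g. `#if defined(SSL_MODE_RELEASE_BUFFERS) && !defined(LSEC_NO_RELEASE_BUFFERS)` (macro name constructed here, pick the project's own). I would also add a comment such as `/* Release idle I/O buffers to cut per-connection memory; requires an OpenSSL build with the release-buffers fixes. */`. The body of `meth_create` starts and ends outside this hunk.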
@@ -2,8 +2,8 @@ #define __SSL_H__ /*-------------------------------------------------------------------------- - * LuaSec 0.4 - * Copyright (C) 2006-2009 Bruno Silvestre + * LuaSec 0.4.1 + * Copyright (C) 2006-2011 Bruno Silvestre * *--------------------------------------------------------------------------*/ diff --git a/src/ssl.lua b/src/ssl.lua index 18a07b3..0170bc8 100644 --- a/src/ssl.lua +++ b/src/ssl.lua @@ -1,6 +1,6 @@ ------------------------------------------------------------------------------ --- LuaSec 0.4 --- Copyright (C) 2006-2009 Bruno Silvestre +-- LuaSec 0.4.1 +-- Copyright (C) 2006-2011 Bruno Silvestre -- ------------------------------------------------------------------------------ @@ -10,8 +10,8 @@ require("ssl.core") require("ssl.context") -_VERSION = "0.4" -_COPYRIGHT = "LuaSec 0.4 - Copyright (C) 2006-2009 Bruno Silvestre\n" .. +_VERSION = "0.4.1" +_COPYRIGHT = "LuaSec 0.4.1 - Copyright (C) 2006-2011 Bruno Silvestre\n" .. "LuaSocket 2.0.2 - Copyright (C) 2004-2007 Diego Nehab" -- Export functions