And thanks to you for starting the thread Matt, it's been very informative and helpful. Just as an addendum another relevant blog post on the SAP HANA site goes into a little bit of detail around the vulnerability in OpenSSL versus CommonCryptoLib and states that the latter is not affected by the bug, which I think addresses part of your original question:
Blog: No Heartbleed with SAP HANA | SAP HANA
Access via http (extended application services of SAP HANA) uses CommonCryptoLib from SAP and is therefore not affected by this vulnerability.