That's one of the problems with stories like this is that there is a lot of misinformation out there. I started reading on Bruce Schneier's site, and bounced off several sites from there. I guess I either read wrong or hit some misinformation.
Also, with the extensive list of apps that need to be restarted, unless you have an overriding reason not to, I would recommend that you reboot instead of trying to cherry pick apps to restart. (The "nuke it from orbit. It's the only way to be sure." approach. :) ) Debian did a good job of finding most of the apps that depend on openssl, but I know they missed at least one, puppet.