I can see that there are multiple versions of openssl installed in the Bitnami Redmine Stack:
Apache2\bin: OpenSSL 0.9.8y 5 Feb 2013
Subversion\bin: OpenSSL 1.0.1c 10 May 2012
Currently (due to PATH settings) it's the latter that's reporting back by default when I open a cmd prompt.
Are you saying that it's the version that Apache itself is using that's pertinent here? and when there are multiple versions installed like this, how can you tell? Does it use the PATH in preference? Or will it pick up the version in the Apache folder every time?
Is there any test which you can return from Apache itself on the server to confirm the version in use? The site itself 'looks clean' on your test link http://filippo.io/Heartbleed, which is a positive - but the test on the machine itself using the openssl version -a gives conflicting information... (because of the PATH settings)
When does the version in the subversion folder get used - if ever? Is there any scenario where that could still cause an issue?