A paper written on timing attacks against OpenSSL 0.9.7. In this experiment, it shows that the extraction of private keys from an OpenSSL-based webserver is realistic. Monitoring about a million queries allows an attackers to remotely extract a 1024-bit RSA private key.
You can download it from the following link: https://packetstormsecurity.com/files/download/30905/ssl-timing.pdf
Source: https://packetstormsecurity.com/files/30905/ssl-timing.pdf.html