Can you please explain definitively what the current status is regarding OpenSSL rpm versions? The version numbering used in your rpm appears to be intentionally out of date with what OpenSSL provides. It is not clear, for example, if your rpms are actually up to date. The OpenSSL FAQ affirms that your version numbering is wrong but doesn't explain the rationale.

Red Hat Linux (release 7.0 and later) include a preinstalled limited version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2 is disabled in this version. The same may apply to other Linux distributions. Users may therefore wish to install more or all of the features left out.

To do this you MUST ensure that you do not overwrite the openssl that is in /usr/bin on your Red Hat machine. Several packages depend on this file, including sendmail and ssh. /usr/local/bin is a good alternative choice. The libraries that come with Red Hat 7.0 onwards have different names and so are not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and /lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and /lib/libcrypto.so.2 respectively).

Please note that we have been advised by Red Hat attempting to recompile the openssl rpm with all the cryptography enabled will not work. All other packages depend on the original Red Hat supplied openssl package. It is also worth noting that due to the way Red Hat supplies its packages, updates to openssl on each distribution never change the package version, only the build number. For example, on Red Hat 7.1, the latest openssl package has version number 0.9.6 and build number 9 even though it contains all the relevant updates in packages up to and including 0.9.6b.

What are you confused about? The FAQ is not quite right in the last paragraph; the package version does always reflect the version of OpenSSL used, though we do backport security fixes from newer versions.