Another thing to consider here is that many times, larger corporations are required to comply (or internally have hangups about not complying) with FIPS. And at least as far as I can tell, there are only a few older versions of OpenSSL compatible with a legacy FIPS module. Honestly I have given up on the politics of it so I may be incorrect, but I know the few times I've brought it up at (soon to be former) employer, that has come up.