OpenSSL is very much part of the problem set here, with a long history of dubious API choices, a performance-sapping rewrite in 3.0, and many things retained for far too long, like VMS support.
The problem is that killing it requires a lot of buy-in and dealing with FIPS 140-2 and no one was willing to do that last time.
The problem is that if you want Red Hat or Canonical to support integrating your new library across all the applications that need it, it has to support FIPS. If it doesn't, people who need FIPS and have the money to support maintenance will avoid integrating it.