These packages are one-shot releases intended to update a CentOS 6 system so
that it can properly validate the Let's Encrypt certificate chain cross-signed
with the expired DST Root CA X3 certificate. OpenSSL 1.0.1e has a bug that
prevents it from being able to validate successfully.

OpenSSL 1.0.2k is a rebuild from CentOS 7. The CA bundle, also backported from
CentOS 7, is needed to completely address the issue.

OpenSSL 1.0.2 is purportedly ABI compatible with 1.0.1 and has shown success in
our testing, but no warranty is provided. If you experience issues you should
roll back to CentOS 6 official packages or upgrade to CentOS 7 or later.

See the following discussion for further information:

https://community.letsencrypt.org/t/rhel-centos-6-openssl-client-compatibility-after-dst-root-ca-x3-expiration/161032