There's a standing debate regarding whether that actually matters in the case of a distribution that included OpenSSL as a standard component, due to the GPL's system libraries exception. (And, of special relevance to Debian, there is debate even among those who agree that it's probably legal as to the ethics of doing it absent some fairly explicit indication of intent from the author(s) of the GPL'd software.)
Distributions can't take advantage of the system libraries exception, it only works for software that isn't shipped together with OpenSSL. The whole GPLv2 clause:
"However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable."
That is one reasonable interpretation of "accompanies", but it is not the only one. Hence the existence of debate. (Consider, for example, a CDN that happens to distribute both a Linux distribution that includes OpenSSL, and an unrelated GPL project not included in the distribution and written by people who don't contribute to the distribution. You surely would not believe this meets the definition of "accompanies" as used in the GPL? Now, figure out where the line is crossed.)
tl;dr: A conjunction of two old licenses, resulting in the advertising requirement that "every occurrence of the license with a different name required a separate acknowledgment", which is incompatible to GNU GPL.
