> What surprises me here is OpenSSH. It's not supposed to use OpenSSL but
> Debian update process suggests to restart it after updating OpenSSL to a
> fixed version. Is it an overkill on their part? It might confuse admins.
>
>
> adam@proxy ~ $ ldd /usr/sbin/sshd
    linux-vdso.so.1 (0x00007fffb068e000)
    libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f68db1e6000)
    libpam.so.0 => /lib64/libpam.so.0 (0x00007f68dafd8000)
    libcrypto.so.1.0.0 => /usr/lib64/libcrypto.so.1.0.0 (0x00007f68dabf5000)
    libutil.so.1 => /lib64/libutil.so.1 (0x00007f68da9f2000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f68da7db000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f68da5a4000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f68da387000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f68d9fd7000)
    libgcc_s.so.1 => /usr/lib/gcc/x86_64-pc-linux-gnu/4.8.2/libgcc_s.so.1
(0x00007f68d9dc0000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007f68d9bbc000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f68db3f1000)
adam@proxy ~ $ qfile /usr/lib64/libcrypto.so.1.0.0
dev-libs/openssl (/usr/lib64/libcrypto.so.1.0.0)
adam@proxy ~ $

So OpenSSH clearly IS using OpenSSL, and you need to restart sshd after
upgrading OpenSSL.