Three streaming (like pointed in the other comment) was my initial reaction too, but indeed at the time https for streaming would be very rare.
Another possibility is to realize that openssl isn’t just for communication, but also has implementation of cryptographic algorithms.
Perhaps openssl was used for validation of licensing key? For example they could sign the license with their private key and WinAmp could verify it’s authenticity with its public key.
Well, given that they have access to Internet via starlink, all they would have to do is set up a website and list the IDs, then block everything that’s not there.
They got me shipment? Add them to the list? No longer own the device? Remove it.