To add on to what Bob said, TL1 first release had the wrong SSL3 - it was not usable to compile some common open source packages because of some SSL configuration options. TL1 SP2 had a usable release. 02-2320 means week 20 so it was released in week 20 of the year.
The 7.2 situation is more problematical. To me (just my opinion) it doesn't look like IBM plans to update the default SSL in 7.2 to 3. Instead they offer an optional download from the MRS web site with an up to date SSL3 and some other related components. Its not an ideal sys admin picture. It gets a little worse - lets say you want apache from their toolbox. The toolbox will make you get an SSL bundle from the MRS website.
In UNIX, irispython -m pip install <package> will give the <package> files group ownership that's appropriate for your IRIS instance.
@Dmitry Maslennikov are you aware of: https://docs.intersystems.com/irislatest/csp/documatic/%25CSP.Documatic....