There is no "expected" version. mIRC uses whatever is installed by the user. Your initial post was wrong in that "the new mIRC" does not "use" the q release (in the sense that mIRC only supports that library). mIRC.com *provides* a precompiled OpenSSL binary installer as a convenience, because lots of people were having trouble installing the other popular openssl packages out there (due to MSVC2005's CRT being linked but not available on a target system, for instance). Khaled decided to provide his own for users if they need it. You don't have to use it, and mIRC doesn't expect this version to be used-- again, it's only released as a convenience for users.
Therefore, there is no way to know what the "expected" openssl library should be, since mIRC has no specific expectation. Furthermore, it wouldn't make sense to say that "the version at the time of release is safe", because mIRC releases would not often be fast enough to keep up with new vulnerabilities. It would be wrong for mIRC to suggest, for instance, that "q" is "expected" just because that's what was available when 7.17 was released. This would be problematic if a vulnerability in q was discovered in the interim. Khaled does not update mIRC everytime a new openssl library is released. I think it's good enough to follow Collective's instructions to verify your libraries for yourself.