Index: security/openssl/Makefile
===================================================================
--- security/openssl/Makefile
+++ security/openssl/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	openssl
 PORTVERSION=	1.0.2k
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \
@@ -95,11 +95,14 @@
 SSL2_CONFIGURE_OFF=	no-ssl2
 SSL3_CONFIGURE_ON=	enable-ssl3
 SSL3_CONFIGURE_OFF=	no-ssl3 no-ssl3-method
+SSL3_EXTRA_PATCHES_OFF=	${PATCHDIR}/extra-patch-test_testssl
 THREADS_CONFIGURE_ON=	threads
 THREADS_CONFIGURE_OFF=	no-threads
 ZLIB_CONFIGURE_ON=	zlib zlib-dynamic
 ZLIB_CONFIGURE_OFF=	no-zlib no-zlib-dynamic
 
+CFLAGS+= -Werror -Qunused-arguments
+
 .include <bsd.port.pre.mk>
 
 .if ${PREFIX} == /usr
Index: security/openssl/files/extra-patch-test_testssl
===================================================================
--- security/openssl/files/extra-patch-test_testssl
+++ security/openssl/files/extra-patch-test_testssl
@@ -1,39 +1,15 @@
---- test/testssl.orig	2015-06-11 15:50:11.000000000 +0200
-+++ test/testssl	2015-06-12 13:43:32.000000000 +0200
-@@ -102,28 +102,28 @@
- $ssltest $extra || exit 1
- 
- echo test dtlsv1
--$ssltest -dtls1 $extra || exit 1
-+#$ssltest -dtls1 $extra || exit 1
- 
- echo test dtlsv1 with server authentication
--$ssltest -dtls1 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth $CA $extra || exit 1
- 
- echo test dtlsv1 with client authentication
--$ssltest -dtls1 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1 with both client and server authentication
--$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2
--$ssltest -dtls12 $extra || exit 1
-+#$ssltest -dtls12 $extra || exit 1
- 
- echo test dtlsv1.2 with server authentication
--$ssltest -dtls12 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2 with client authentication
--$ssltest -dtls12 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2 with both client and server authentication
--$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
- 
- if [ $dsa_cert = NO ]; then
-   echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
+Disable SSLv3 test when built without SSL3 option disabled
+
+ - Test for weak DH fails when enabled
+
+--- test/testssl.orig	2017-04-27 12:23:44 UTC
++++ test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+ set -x
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
++for protocol in TLSv1.2; do
+   echo "Testing ciphersuites for $protocol"
+   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+     test_cipher $cipher $protocol
Index: security/openssl/files/patch-md5.c
===================================================================
--- security/openssl/files/patch-md5.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- crypto/md5/md5.c.orig	2015-01-22 15:58:32.000000000 +0100
-+++ crypto/md5/md5.c	2015-03-10 07:02:19.000000000 +0100
-@@ -83,7 +83,7 @@
-                 err++;
-                 continue;
-             }
--            printf("MD5(%s)= ", argv[i]);
-+            printf("MD5 (%s) = ", argv[i]);
-             do_fp(IN);
-             fclose(IN);
-         }
Index: security/openssl/files/patch-openbsd__hw.c
===================================================================
--- security/openssl/files/patch-openbsd__hw.c
+++ /dev/null
@@ -1,14 +0,0 @@
---- crypto/evp/openbsd_hw.c.orig	2015-01-22 15:58:32.000000000 +0100
-+++ crypto/evp/openbsd_hw.c	2015-03-10 07:08:45.000000000 +0100
-@@ -108,7 +108,10 @@
-             dev_failed = 1;
-             return 0;
-         }
--        close(cryptodev_fd);
-+        if (fd == -1)
-+            fd = cryptodev_fd;
-+        else
-+            close(cryptodev_fd);
-     }
-     assert(ses);
-     memset(ses, '\0', sizeof *ses);
Index: security/openssl/files/patch-srtp.h
===================================================================
--- security/openssl/files/patch-srtp.h
+++ /dev/null
@@ -1,10 +0,0 @@
---- ssl/srtp.h.orig	2015-03-19 14:30:36.000000000 +0100
-+++ ssl/srtp.h	2015-03-19 21:12:51.000000000 +0100
-@@ -136,7 +136,6 @@
- int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
- 
- STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
--SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
- 
- # endif
- 
Index: security/openssl/files/patch-testssl
===================================================================
--- security/openssl/files/patch-testssl
+++ security/openssl/files/patch-testssl
@@ -1,39 +0,0 @@
---- test/testssl.orig	2015-06-11 15:50:11.000000000 +0200
-+++ test/testssl	2015-06-12 13:43:32.000000000 +0200
-@@ -102,28 +102,28 @@
- $ssltest $extra || exit 1
- 
- echo test dtlsv1
--$ssltest -dtls1 $extra || exit 1
-+#$ssltest -dtls1 $extra || exit 1
- 
- echo test dtlsv1 with server authentication
--$ssltest -dtls1 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth $CA $extra || exit 1
- 
- echo test dtlsv1 with client authentication
--$ssltest -dtls1 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1 with both client and server authentication
--$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2
--$ssltest -dtls12 $extra || exit 1
-+#$ssltest -dtls12 $extra || exit 1
- 
- echo test dtlsv1.2 with server authentication
--$ssltest -dtls12 -server_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2 with client authentication
--$ssltest -dtls12 -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -client_auth $CA $extra || exit 1
- 
- echo test dtlsv1.2 with both client and server authentication
--$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
-+#$ssltest -dtls12 -server_auth -client_auth $CA $extra || exit 1
- 
- if [ $dsa_cert = NO ]; then
-   echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'