The patches from bug 228902 and added in r481850 are not entirely compatible with older OpenSSL versions, to the point that the qca-ossl plugin refuses to load at all on FreeBSD 11.2, for example (see bug 232784 and its duplicates).
Fix it by replacing our patches with backports from upstream the same way OpenSUSE does it (the OpenSSL 1.1.0 upstream patch was authored by SUSE):
- Revert an upstream commit made only to the 2.1 branch disabling a few ciphers in the unit tests.
- Backport a change to the master branch that never made it to the 2.1 branch disabling the ciphers mentioned above as well as a few other ones, so that we can backport the actual change adding support for OpenSSL 1.1.0 more clealy.
- Backport the actual OpenSSL 1.1.0 support commit, with a few conflicts resolved due to the lack of a commit adding suport for AES GCM and AES CCM in the 2.1 branch. The patch was actually obtained from OpenSUSE's repositories, since they had to resolve the same conflict as well.