Index: head/Mk/bsd.default-versions.mk
===================================================================
--- head/Mk/bsd.default-versions.mk
+++ head/Mk/bsd.default-versions.mk
@@ -61,6 +61,47 @@
 PYTHON3_DEFAULT?=	3.4
 # Possible values: 2.0, 2.1, 2.2, 2.3
 RUBY_DEFAULT?=		2.2
+# Possible values: base, openssl, openssl-devel, libressl, libressl-devel
+.if !defined(SSL_DEFAULT)
+#	If no preference was set, check for an installed base version
+#	but give an installed port preference over it.
+.  if defined(WITH_OPENSSL_PORT)
+.    if defined(OPENSSL_PORT)
+SSL_DEFAULT:=${OPENSSL_PORT:T}
+WARNING+=	"Using WITH_OPENSSL_PORT and OPENSSL_PORT in make.conf is deprecated, replace them with DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT}"
+.    else
+SSL_DEFAULT=openssl
+WARNING+=	"Using WITH_OPENSSL_PORT in make.conf is deprecated, replace it with DEFAULT_VERSIONS+=ssl=openssl"
+.    endif
+.  elif defined(WITH_OPENSSL_BASE)
+SSL_DEFAULT=base
+WARNING+=	"USing WITH_OPENSSL_BASE in make.conf is deprecated, replace it with DEFAULT_VERSIONS+=ssl=base"
+.  elif	!defined(WITH_OPENSSL_BASE) && \
+	!defined(WITH_OPENSSL_PORT) && \
+	!defined(SSL_DEFAULT) && \
+	!exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \
+	exists(${DESTDIR}/usr/include/openssl/opensslv.h)
+SSL_DEFAULT=	base
+.  else
+.    if exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so)
+# find installed port and use it for dependency
+.      if !defined(OPENSSL_INSTALLED)
+.        if defined(DESTDIR)
+PKGARGS=	-c ${DESTDIR}
+.        else
+PKGARGS=
+.        endif
+OPENSSL_INSTALLED!=	${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || :
+.      endif
+.      if defined(OPENSSL_INSTALLED) && !empty(OPENSSL_INSTALLED)
+SSL_DEFAULT:=		${OPENSSL_INSTALLED:T}
+WARNING+=	"You have ${OPENSSL_INSTALLED} installed but do not have DEFAULT_VERSIONS+=ssl=${SSL_DEFAULT} set"
+.      endif
+.    endif
+.  endif
+# Make sure we have a default in the end
+SSL_DEFAULT?=	base
+.endif
 # Possible values: 8.4, 8.5, 8.6
 TCLTK_DEFAULT?=		8.6
 
Index: head/Mk/bsd.openssl.mk
===================================================================
--- head/Mk/bsd.openssl.mk
+++ head/Mk/bsd.openssl.mk
@@ -31,16 +31,9 @@
 
 OpenSSL_Include_MAINTAINER=	dinoex@FreeBSD.org
 
-#	If no preference was set, check for an installed base version
-#	but give an installed port preference over it.
-.if	!defined(WITH_OPENSSL_BASE) && \
-	!defined(WITH_OPENSSL_PORT) && \
-	!exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so) && \
-	exists(${DESTDIR}/usr/include/openssl/opensslv.h)
-WITH_OPENSSL_BASE=yes
-.endif
+.include "${PORTSDIR}/Mk/bsd.default-versions.mk"
 
-.if defined(WITH_OPENSSL_BASE)
+.if ${SSL_DEFAULT} == base
 OPENSSLBASE=		/usr
 OPENSSLDIR?=		/etc/ssl
 
@@ -59,7 +52,7 @@
 	@${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD"
 	@${ECHO_CMD} "base system. You can't build against it, while a newer"
 	@${ECHO_CMD} "version is installed by a port."
-	@${ECHO_CMD} "Please deinstall the port or undefine WITH_OPENSSL_BASE."
+	@${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE."
 	@${FALSE}
 .  endif
 
@@ -81,39 +74,18 @@
 MAKE_ARGS+=		OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
 .  endif
 
-.else # !defined(WITH_OPENSSL_BASE)
+.else # ${SSL_DEFAULT} != base
 
 OPENSSLBASE=		${LOCALBASE}
-.  if	!defined(OPENSSL_PORT) && \
-	exists(${DESTDIR}/${LOCALBASE}/lib/libcrypto.so)
-# find installed port and use it for dependency
-.    if !defined(OPENSSL_INSTALLED)
-.      if defined(DESTDIR)
-PKGARGS=	-c ${DESTDIR}
-.      else
-PKGARGS=
-.      endif
-OPENSSL_INSTALLED!=	${PKG_BIN} ${PKGARGS} which -qo ${LOCALBASE}/lib/libcrypto.so || :
-.    endif
-.    if defined(OPENSSL_INSTALLED) && ${OPENSSL_INSTALLED} != ""
-OPENSSL_PORT=		${OPENSSL_INSTALLED}
-OPENSSL_SHLIBFILE!=	${PKG_INFO} -ql ${OPENSSL_INSTALLED} | ${GREP} "^`${PKG_QUERY} "%p" ${OPENSSL_INSTALLED}`/lib/libcrypto.so.[0-9]*$$"
-OPENSSL_SHLIBVER?=	${OPENSSL_SHLIBFILE:E}
-.    endif
-.  endif
 
-# LibreSSL and OpenSSL-BETA specific SHLIBVER
-.  if   defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl
-OPENSSL_SHLIBVER?=	37
-.  elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/libressl-devel
-OPENSSL_SHLIBVER?=	38
-.  elif defined(OPENSSL_PORT) && ${OPENSSL_PORT} == security/openssl-devel
-OPENSSL_SHLIBVER?=	9
-.  endif
+OPENSSL_PORT=		security/${SSL_DEFAULT}
+
+# Get OPENSSL_SHLIBVER from the port
+.sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk>
 
-# default
-OPENSSL_PORT?=		security/openssl
-OPENSSL_SHLIBVER?=	8
+.  if !defined(OPENSSL_SHLIBVER)
+.error You are using an unsupported SSL provider ${SSL_DEFAULT}
+.  endif
 
 OPENSSLDIR?=		${OPENSSLBASE}/openssl
 BUILD_DEPENDS+=		${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT}
Index: head/UPDATING
===================================================================
--- head/UPDATING
+++ head/UPDATING
@@ -5,6 +5,25 @@
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20160616
+  AFFECTS: users of security/openssl*, security/libressl*
+  AUTHOR: mat@FreeBSD.org
+
+  Previously, to tell the ports tree, you needed to set:
+
+  WITH_OPENSSL_PORT=yes
+  
+  And if you wanted a port that was not security/openssl, you needed to add,
+  for example:
+
+  OPENSSL_PORT=	security/libressl
+
+  Now, all you need to do is:
+
+  DEFAULT_VERSIONS+=  ssl=libressl
+  
+  Valid values are base, openssl, openssl-devel, libressl, and libressl-devel.
+
 20160614
   AFFECTS: users of www/node, www/node5, and www/node4
   AUTHOR: adamw@FreeBSD.org
Index: head/security/libressl-devel/version.mk
===================================================================
--- head/security/libressl-devel/version.mk
+++ head/security/libressl-devel/version.mk
@@ -0,0 +1 @@
+OPENSSL_SHLIBVER?=	38
Index: head/security/libressl/version.mk
===================================================================
--- head/security/libressl/version.mk
+++ head/security/libressl/version.mk
@@ -0,0 +1 @@
+OPENSSL_SHLIBVER?=	37
Index: head/security/openssl-devel/version.mk
===================================================================
--- head/security/openssl-devel/version.mk
+++ head/security/openssl-devel/version.mk
@@ -0,0 +1 @@
+OPENSSL_SHLIBVER?=	9
Index: head/security/openssl/version.mk
===================================================================
--- head/security/openssl/version.mk
+++ head/security/openssl/version.mk
@@ -0,0 +1 @@
+OPENSSL_SHLIBVER?=	8