diff --git a/ftp/vsftpd/Makefile b/ftp/vsftpd/Makefile index 51aa1d50cb5f..0da3fa86f3b4 100644 --- a/ftp/vsftpd/Makefile +++ b/ftp/vsftpd/Makefile 
@@ -1,112 +1,111 @@ PORTNAME= vsftpd PORTVERSION= 3.0.5 PORTREVISION= 1 CATEGORIES= ftp MASTER_SITES= https://security.appspot.com/downloads/ \ GENTOO PKGNAMESUFFIX?= ${SSL_SUFFIX}${PKGNAMESUFFIX2} MAINTAINER= dinoex@FreeBSD.org COMMENT= FTP daemon that aims to be "very secure" WWW= https://security.appspot.com/vsftpd.html LICENSE= GPLv2 USERS= ftp GROUPS= ftp USES= cpe alias ALL_TARGET= vsftpd USE_RC_SUBR= vsftpd vsftpd6 DOCFILES= AUDIT BENCHMARKS BUGS Changelog FAQ INSTALL LICENSE \ README README.security README.ssl REFS REWARD \ SIZE SPEED TODO TUNING CPE_VENDOR= vsftpd_project OPTIONS_DEFINE= VSFTPD_SSL PIDFILE STACKPROTECTOR DOCS OPTIONS_DEFAULT?= VSFTPD_SSL PIDFILE STACKPROTECTOR NO_OPTIONS_SORT=yes VSFTPD_SSL_DESC=Include support for SSL PIDFILE_DESC= Unofficial support for pidfile STACKPROTECTOR_DESC= Build with stack-protector .include .if ${PORT_OPTIONS:MVSFTPD_SSL} && !defined(WITHOUT_SSL) USES+= ssl -BROKEN_SSL= openssl30 openssl31 -BROKEN_SSL_REASON= Requires OpenSSL 3.0.0 deprecated EC_* routines SSL_SUFFIX= -ssl CFLAGS+= -I${OPENSSLINC} +CFLAGS+= -Wno-deprecated-declarations LDFLAGS+= -L${OPENSSLLIB} .endif .if ${PORT_OPTIONS:MPIDFILE} EXTRA_PATCHES+= ${FILESDIR}/pidfile.patch .endif VSFTPD_OPTIMIZED= ${CFLAGS:M-O*} .if defined(CFLAGS) && !empty(VSFTPD_OPTIMIZED) VSFTPD_NO_OPTIMIZED= -e "s|-O2 ||" .endif .if ${PORT_OPTIONS:MSTACKPROTECTOR} # BROKEN on FreeBSD with undefined reference to `__stack_chk_fail_local' VSFTPD_LIBS= -lssp_nonshared .else VSFTPD_NO_SSP= -e "s|-fstack-protector --param=ssp-buffer-size=4 ||" .endif do-configure: .if ${PORT_OPTIONS:MVSFTPD_SSL} && !defined(WITHOUT_SSL) ${REINPLACE_CMD} -e \ "s|#undef VSF_BUILD_TCPWRAPPERS|#define VSF_BUILD_TCPWRAPPERS 1|" \ -e "s|#undef VSF_BUILD_SSL|#define VSF_BUILD_SSL 1|" \ ${WRKSRC}/builddefs.h .else ${REINPLACE_CMD} -e \ "s|#undef VSF_BUILD_TCPWRAPPERS|#define VSF_BUILD_TCPWRAPPERS 1|" \ ${WRKSRC}/builddefs.h .endif ${REINPLACE_CMD} -e "s|^listen=.*|listen=NO|" \ -e 
"s|/etc/vsftpd.conf|${PREFIX}/etc/vsftpd.conf|" \ ${WRKSRC}/defs.h ${WRKSRC}/vsftpd.conf ${REINPLACE_CMD} -e "s|/etc/v|${PREFIX}/etc/v|" \ ${WRKSRC}/vsftpd.8 ${WRKSRC}/vsftpd.conf.5 ${WRKSRC}/tunables.c ${REINPLACE_CMD} ${VSFTPD_NO_OPTIMIZED} ${VSFTPD_NO_SSP} \ -e "s|^CC = gcc|CC = ${CC}|" \ -e "s|^CFLAGS = |CFLAGS = ${CFLAGS} |" \ -e "s|^LDFLAGS = |LDFLAGS = ${LDFLAGS} |" \ -e "s| -Wl,-s| ${VSFTPD_LIBS}|" \ ${WRKSRC}/Makefile ${REINPLACE_CMD} -e '/-lutil/d' ${WRKSRC}/vsf_findlibs.sh ${CAT} ${FILESDIR}/chroot.conf >> ${WRKSRC}/vsftpd.conf ${CP} ${WRKSRC}/vsftpd.conf ${WRKSRC}/vsftpd6.conf .if ${PORT_OPTIONS:MPIDFILE} ${CAT} ${FILESDIR}/pidfile.conf >> ${WRKSRC}/vsftpd.conf ${SED} -e 's|vsftpd.pid|vsftpd6.pid|' ${FILESDIR}/pidfile.conf \ >> ${WRKSRC}/vsftpd6.conf .endif ${CAT} ${FILESDIR}/listen.conf >> ${WRKSRC}/vsftpd.conf ${CAT} ${FILESDIR}/listen6.conf >> ${WRKSRC}/vsftpd6.conf do-install: ${INSTALL_PROGRAM} ${WRKSRC}/vsftpd ${STAGEDIR}${PREFIX}/libexec/ ${LN} ${STAGEDIR}${PREFIX}/libexec/vsftpd ${STAGEDIR}${PREFIX}/libexec/vsftpd6 ${INSTALL_DATA} ${WRKSRC}/vsftpd.conf ${STAGEDIR}${PREFIX}/etc/vsftpd.conf.sample ${INSTALL_DATA} ${WRKSRC}/vsftpd6.conf ${STAGEDIR}${PREFIX}/etc/vsftpd6.conf.sample ${INSTALL_MAN} ${WRKSRC}/vsftpd.conf.5 ${STAGEDIR}${PREFIX}/man/man5/ ${INSTALL_MAN} ${WRKSRC}/vsftpd.8 ${STAGEDIR}${PREFIX}/man/man8/ ${MKDIR} ${STAGEDIR}/var/ftp ${STAGEDIR}${PREFIX}/share/vsftpd/empty do-install-DOCS-on: ${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${DOCFILES:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}/ .for i in EXAMPLE SECURITY ${MKDIR} ${STAGEDIR}${DOCSDIR}/${i} ${CP} -p -R -L ${WRKSRC}/${i}/./ ${STAGEDIR}${DOCSDIR}/${i}/ ${CHMOD} -R -L a+rX,go-w ${STAGEDIR}${DOCSDIR}/${i}/ .endfor .include diff --git a/ftp/vsftpd/files/patch-ssl.c b/ftp/vsftpd/files/patch-ssl.c index 5ff044dab8d5..3b8f49288292 100644 --- a/ftp/vsftpd/files/patch-ssl.c +++ b/ftp/vsftpd/files/patch-ssl.c @@ -1,37 +1,53 @@ --- ssl.c.orig 2021-08-02 06:24:35 UTC +++ ssl.c 
@@ -31,10 +31,10 @@ #include #include -static char* get_ssl_error(); +static char* get_ssl_error(void); static SSL* get_ssl(struct vsf_session* p_sess, int fd); static int ssl_session_init(struct vsf_session* p_sess); -static void setup_bio_callbacks(); +static void setup_bio_callbacks(SSL* p_ssl); static long bio_callback( BIO* p_bio, int oper, const char* p_arg, int argi, long argl, long retval); static int ssl_verify_callback(int verify_ok, X509_STORE_CTX* p_ctx); @@ -93,10 +93,12 @@ ssl_init(struct vsf_session* p_sess) { options |= SSL_OP_NO_TLSv1_2; } +#ifdef SSL_OP_NO_TLSv1_3 if (!tunable_tlsv1_3) { options |= SSL_OP_NO_TLSv1_3; } +#endif SSL_CTX_set_options(p_ctx, options); if (tunable_rsa_cert_file) { -@@ -683,7 +685,7 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess +@@ -139,6 +141,7 @@ ssl_init(struct vsf_session* p_sess) + { + die("SSL: RNG is not seeded"); + } ++#if OPENSSL_VERSION_NUMBER < 0x10200000L + { + EC_KEY* key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + if (key == NULL) +@@ -148,6 +151,7 @@ ssl_init(struct vsf_session* p_sess) + SSL_CTX_set_tmp_ecdh(p_ctx, key); + EC_KEY_free(key); + } ++#endif + if (tunable_ssl_request_cert) + { + verify_option |= SSL_VERIFY_PEER; +@@ -683,7 +687,7 @@ ssl_cert_digest(SSL* p_ssl, struct vsf_session* p_sess } static char* -get_ssl_error() +get_ssl_error(void) { SSL_load_error_strings(); return ERR_error_string(ERR_get_error(), NULL);
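Review bot: The added guard `#if OPENSSL_VERSION_NUMBER < 0x10200000L` around the `EC_KEY_new_by_curve_name` / `SSL_CTX_set_tmp_ecdh` block in `ssl_init` uses a threshold that matches no OpenSSL release, and nothing says why it was chosen. LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so the explicit prime256v1 setup is presumably compiled out there as well as on OpenSSL 3.x; it is worth confirming that ECDHE suites are still negotiated on every supported library. Writing it as `#if OPENSSL_VERSION_NUMBER < 0x30000000L` with a comment such as `/* EC_KEY_* is deprecated from OpenSSL 3.0 on */` would name the release that motivates the guard and keep the previously unconditional behaviour for LibreSSL. With these calls guarded out, the Makefile hunk's unconditional `CFLAGS+= -Wno-deprecated-declarations` hides every remaining and future deprecation warning in all SSL builds, so a comment there should name the calls that still need it, or the flag should be dropped if the build passes without it. `ssl_init` starts and ends outside the lines shown.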