openssl

USE flags

• abi_mips_n32 - 64-bit (32-bit pointer) libraries
• abi_mips_n64 - 64-bit libraries
• abi_mips_o32 - 32-bit libraries
• abi_s390_32 - 32-bit (s390) libraries
• abi_s390_64 - 64-bit (s390x) libraries
• abi_x86_32 - 32-bit (x86) libraries
• abi_x86_64 - 64-bit (amd64) libraries
• abi_x86_x32 - x32 ABI libraries
• asm - Support assembly hand optimized crypto functions (i.e. faster run time)
• bindist - Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI
• cpu_flags_x86_sse2 - Use the SSE2 instruction set
• fips - Enable FIPS provider
• gmp - Add support for dev-libs/gmp (GNU MP library)
• kerberos - Add kerberos support
• ktls - Enable support for Kernel implementation of TLS (kTLS)
• rfc3779 - Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)
• sctp - Support for Stream Control Transmission Protocol
• sslv2 - Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https
• sslv3 - Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https
• static-libs - Build static versions of dynamic libraries as well
• test - Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
• tls-compression - Enable support for discouraged TLS compression
• tls-heartbeat - Enable the Heartbeat Extension in TLS and DTLS
• vanilla - Do not add extra patches which change default behaviour; DO NOT USE THIS ON A GLOBAL SCALE as the severity of the meaning changes drastically
• verify-sig - Verify upstream signatures on distfiles
• weak-ssl-ciphers - Build support for SSL/TLS ciphers that are considered "weak"

Security Advisory