--- /mnt/builder/portage/dev-libs/openssl/openssl-1.0.2h-r2.ebuild	2016-07-02 12:08:27.000000000 +0100
+++ openssl-1.0.2h-r2.ebuild	2016-07-04 19:15:07.019490789 +0100
@@ -13,8 +13,8 @@
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+KEYWORDS="~amd64"
+IUSE="+asm bindist +camellia +des gmp idea kerberos mdc2 rc2 +rc4 rc5 rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -58,6 +58,7 @@
 		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
 		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
 		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+		epatch "${FILESDIR}"/${PN}-1.0.2-no_des.patch
 
 		epatch_user #332661
 	fi
@@ -142,16 +142,19 @@
 	./${config} \
 		${sslout} \
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
 		enable-tlsext \
 		$(use_ssl asm) \
+		$(use_ssl camellia) \
+		$(use_ssl des) \
 		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl idea) \
 		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl mdc2) \
+		$(use_ssl rc2) \
+		$(use_ssl rc4) \
+		$(use_ssl rc5) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
 		$(use_ssl sslv2 ssl2) \
--- /mnt/builder/portage/dev-libs/openssl/metadata.xml	2016-06-30 21:07:12.000000000 +0100
+++ metadata.xml	2016-07-04 19:12:32.066113322 +0100
@@ -8,6 +8,13 @@
 <use>
  <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
  <flag name="bindist">Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="camellia">Support for the symmetric key block cipher Camellia (same class as AES)</flag>
+ <flag name="des">Support for the old/insecure DES cipher -- many apps still depend on this for 3DES</flag>
+ <flag name="idea">Support for the old/insecure IDEA cipher</flag>
+ <flag name="mdc2">Support for the MDC2 cipher -- not widely used</flag>
+ <flag name="rc2">Support for the old/insecure RC2 cipher</flag>
+ <flag name="rc4">Support for the old/insecure RC2 cipher -- some apps still depend on this</flag>
+ <flag name="rc5">Support for the old/insecure RC2 cipher</flag>
  <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name="sctp">Support for Stream Control Transmission Protocol</flag>
  <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>