Hey, we are trying to avoid using REQUIRED_USE as much as possible, since it provides a bad user experience. In Gentoo the common way to "select" a compatible ssl/tls implemention is just to prioritize them by reading USE flags. You've probably seen constructs like these: ssl? ( gnutls? ( net-libs/gnutls:= ) !gnutls? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:= ) ) ) This is correct. No REQUIRED_USE needed here. I'd like to suggest something similar to be done with s3fs. Since it _requires_ an ssl/tls implementation to be enabled, the "+openssl" itself is bogus. That flag isn't even globally recognized, we use simple "ssl" to implicate there's ssl available (which often means openssl), https://packages.gentoo.org/useflags/ssl https://packages.gentoo.org/useflags/search?q=openssl So here's my suggestion: Depchain goes nss > gnutls > openssl. if 'nss' is enabled, always prefer that. if '-nss +gnutls', use gnutls. if '-nss -gnutls', use openssl. Then I'd personally pair "nettle" with "gnutls", but since it's an independent configure option, we can leave the REQUIRED_USE="nettle? ( gnutls !nss )" in place. This way you also drop the "openssl" flag, and if other tls implementations are disabled, default to it.
