The new (and very useful) config option to security/openssl allows you to compile it without support for SSLv2. Arguably, this should be the default option. However, this has broken at least one dependent port -- security/sslscan <https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193083>. I do not know if it has broken others, since sslscan was the tool I was going to use to test other ports. When it broke, I quickly reverted to the original version of openssl, since so much depends on it and I was worried other things might be quietly broken. This might not be the fault of the change to the openssl port itself. Perhaps all dependent ports should be more resilient. However, it has been suggested that there at least be a warning in the description of the SSLv2 flag. If there is a convenient, non-spammy way to notify all the major openssl-dependent port maintainers, that's probably also a good idea.
Using this option also breaks www/libwww: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193937
Over to maintainer.
I should note that with the POODLE exploit, disabling SSLv3 has become quite important. The option to compile security/openssl without SSLv3 was quite helpfully added at the same time as the option to disable SSLv2, but the options are not useful if other necessary ports will break when they are used. Currently, it is necessary to track down and reconfigure each port that uses openssl and modify the settings in a manner specific to that port. Some ports do not allow for this level of configuration, so disabling SSLv2/SSLv3 in the openssl is not only efficient and logical, it is the only way to do such a thing using some ports (eg, mail/imap-uw).
This is in fact a duplicate of 195796. *** This bug has been marked as a duplicate of bug 195796 ***