diff --git a/devel/qca/Makefile b/devel/qca/Makefile
index bd103c4e7520..ffeb2a585be9 100644
--- a/devel/qca/Makefile
+++ b/devel/qca/Makefile
@@ -1,82 +1,80 @@
 PORTNAME=	qca
-DISTVERSION=	2.3.9
-PORTREVISION=	1
+DISTVERSION=	2.3.10
 CATEGORIES=	devel
 MASTER_SITES=	KDE/stable/qca/${PORTVERSION}
 PKGNAMESUFFIX=	-${FLAVOR}
 
 MAINTAINER=	kde@FreeBSD.org
 COMMENT=	Cross-platform crypto API for Qt ${FLAVOR:C/qt//}
 WWW=		https://api.kde.org/qca/html/index.html
 
 LICENSE=	LGPL21
 LICENSE_FILE=	${WRKSRC}/COPYING
 
 BUILD_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
 RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
 
 FLAVORS=	qt5 qt6
 FLAVOR?=	qt5
 
-USES=		cmake compiler:c++17-lang localbase:ldflags pkgconfig \
+USES=		cmake:testing compiler:c++20-lang localbase:ldflags pkgconfig \
 		qt:${FLAVOR:S/qt//} tar:xz
 USE_LDCONFIG=	yes
-_USE_QT_qt5=	core buildtools:build qmake:build
+_USE_QT_qt5=	core \
+		buildtools:build qmake:build \
+		network:test testlib:test
 _USE_QT_qt6=	5compat base
 USE_QT=		${_USE_QT_${FLAVOR}}
 
 CMAKE_ARGS=	-DBUILD_PLUGINS=none \
 		-DPKGCONFIG_INSTALL_PREFIX=${PREFIX}/libdata/pkgconfig \
 		-DQCA_FEATURE_INSTALL_DIR=${QT_MKSPECDIR}/features \
 		-DQCA_SUFFIX=${FLAVOR} \
 		-D${FLAVOR:tu}:BOOL=TRUE
+CMAKE_OFF=	BUILD_TESTS
+CMAKE_TESTING_ON=	BUILD_TESTS
+
 CONFIGURE_ENV=	QC_CERTSTORE_PATH=${LOCALBASE}/share/certs/ca-root-nss.crt
 
 _PLIST_SUB_qt5=	QT5_ONLY=""
 _PLIST_SUB_qt6=	QT5_ONLY="@comment "
 PLIST_SUB=	SHLIB_VER=${PORTVERSION} \
 		QCA_QT_VERSION=${FLAVOR} \
 		${_PLIST_SUB_${FLAVOR}}
 
-OPTIONS_DEFINE=	BOTAN GCRYPT GNUPG LOGGER NSS OPENSSL PKCS11 SASL SOFTSTORE TEST
+OPTIONS_DEFINE=	BOTAN GCRYPT GNUPG LOGGER NSS OPENSSL PKCS11 SASL SOFTSTORE
 OPTIONS_DEFAULT=GNUPG OPENSSL
 OPTIONS_SUB=	yes
 
 BOTAN_DESC=		Build with Botan crypto library
 BOTAN_LIB_DEPENDS=	libbotan-3.so:security/botan3
 BOTAN_CMAKE_ON=		-DWITH_botan_PLUGIN=yes
 
 GCRYPT_LIB_DEPENDS=	libgcrypt.so:security/libgcrypt
 GCRYPT_CMAKE_ON=	-DWITH_gcrypt_PLUGIN=yes
 
 GNUPG_RUN_DEPENDS=	gpg2:security/gnupg
 GNUPG_CMAKE_ON=		-DWITH_gnupg_PLUGIN=yes
 
 LOGGER_DESC=		Simple logger writer
 LOGGER_CMAKE_ON=	-DWITH_logger_PLUGIN=yes
 
 NSS_LIB_DEPENDS=	libnspr4.so:devel/nspr \
 			libnss3.so:security/nss
 NSS_CMAKE_ON=		-DWITH_nss_PLUGIN=yes
 
 OPENSSL_USES=		ssl
 OPENSSL_CMAKE_ON=	-DWITH_ossl_PLUGIN=yes
 
 PKCS11_DESC=		Smartcard integration
 PKCS11_LIB_DEPENDS=	libpkcs11-helper.so:security/pkcs11-helper
 PKCS11_CMAKE_ON=	-DWITH_pkcs11_PLUGIN=yes
 PKCS11_IMPLIES=		OPENSSL
 
 SASL_LIB_DEPENDS=	libsasl2.so:security/cyrus-sasl2
 SASL_CMAKE_ON=		-DWITH_cyrus-sasl_PLUGIN=yes
 
 SOFTSTORE_DESC=		Simple persistent certificate store
 SOFTSTORE_CMAKE_ON=	-DWITH_softstore_PLUGIN=yes
 
-_TEST_USE_qt5=		QT=network:build,testlib:build
-_TEST_USE_qt6=		# Network and Test included in base
-TEST_USE=		${_TEST_USE_${FLAVOR}}
-TEST_CMAKE_BOOL=	BUILD_TESTS
-TEST_TEST_TARGET=	test
-
 .include <bsd.port.mk>
diff --git a/devel/qca/distinfo b/devel/qca/distinfo
index a42f599aad16..91100a4e4e25 100644
--- a/devel/qca/distinfo
+++ b/devel/qca/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1719288772
-SHA256 (qca-2.3.9.tar.xz) = c555d5298cdd7b6bafe2b1f96106f30cfa543a23d459d50c8a91eac33c476e4e
-SIZE (qca-2.3.9.tar.xz) = 765256
+TIMESTAMP = 1741916166
+SHA256 (qca-2.3.10.tar.xz) = 1c5b722da93d559365719226bb121c726ec3c0dc4c67dea34f1e50e4e0d14a02
+SIZE (qca-2.3.10.tar.xz) = 764844
diff --git a/devel/qca/files/patch-plugins_qca-botan_CMakeLists.txt b/devel/qca/files/patch-plugins_qca-botan_CMakeLists.txt
new file mode 100644
index 000000000000..a0d966149996
--- /dev/null
+++ b/devel/qca/files/patch-plugins_qca-botan_CMakeLists.txt
@@ -0,0 +1,27 @@
+Prefer botan-3 and prevent linking to botan-2, as security/botan2 is currently
+marked for removal. [1] Although we depend on libbotan-3.so for the BOTAN
+option, previous code would link to libbotan-2.so if installed.
+
+[1] https://cgit.freebsd.org/ports/commit/?id=eb1217e8e983cae63d99af35ac6de924b56691ab
+
+--- plugins/qca-botan/CMakeLists.txt.orig	2025-03-09 12:09:03 UTC
++++ plugins/qca-botan/CMakeLists.txt
+@@ -1,13 +1,10 @@ find_package(PkgConfig REQUIRED)
+ find_package(PkgConfig REQUIRED)
+ 
+-pkg_check_modules(BOTAN IMPORTED_TARGET botan-2)
+-if(NOT BOTAN_FOUND)
+-  pkg_check_modules(BOTAN IMPORTED_TARGET botan-3)
+-  if(BOTAN_FOUND)
+-    set(CMAKE_CXX_STANDARD 20)
+-    set(CMAKE_CXX_STANDARD_REQUIRED ON)
+-    set(CMAKE_CXX_EXTENSIONS OFF)
+-  endif()
++pkg_check_modules(BOTAN IMPORTED_TARGET botan-3)
++if(BOTAN_FOUND)
++  set(CMAKE_CXX_STANDARD 20)
++  set(CMAKE_CXX_STANDARD_REQUIRED ON)
++  set(CMAKE_CXX_EXTENSIONS OFF)
+ endif()
+ 
+ if(WITH_botan_PLUGIN STREQUAL "yes" AND NOT BOTAN_FOUND)
diff --git a/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp b/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
index fb1e6745eaec..10548649b6bd 100644
--- a/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
+++ b/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
@@ -1,94 +1,94 @@
 Patch from OpenBSD rsadowski@ 
 
 LibreSSL 3.0.x support from Stefan Strogin <steils@gentoo.org>
 
 Index: plugins/qca-ossl/qca-ossl.cpp
---- plugins/qca-ossl/qca-ossl.cpp.orig	2021-02-04 10:29:44 UTC
+--- plugins/qca-ossl/qca-ossl.cpp.orig	2025-03-09 12:09:03 UTC
 +++ plugins/qca-ossl/qca-ossl.cpp
-@@ -41,7 +41,13 @@
- #include <openssl/ssl.h>
- #include <openssl/x509v3.h>
+@@ -45,7 +45,13 @@
+ #include <openssl/provider.h>
+ #endif
  
 +#ifndef RSA_F_RSA_OSSL_PRIVATE_DECRYPT
 +#define RSA_F_RSA_OSSL_PRIVATE_DECRYPT RSA_F_RSA_EAY_PRIVATE_DECRYPT
 +#endif
 +
 +#ifndef LIBRESSL_VERSION_NUMBER
  #include <openssl/kdf.h>
 +#endif
  
  using namespace QCA;
  
-@@ -1239,6 +1245,7 @@ class opensslPbkdf2Context : public KDFContext (public
+@@ -1262,6 +1268,7 @@ class opensslPbkdf2Context : public KDFContext (protec
  protected:
  };
  
 +#ifndef LIBRESSL_VERSION_NUMBER
  class opensslHkdfContext : public HKDFContext
  {
      Q_OBJECT
-@@ -1271,6 +1278,7 @@ class opensslHkdfContext : public HKDFContext (public)
+@@ -1294,6 +1301,7 @@ class opensslHkdfContext : public HKDFContext (public)
          return out;
      }
  };
 +#endif // LIBRESSL_VERSION_NUMBER
  
  class opensslHMACContext : public MACContext
  {
-@@ -4951,7 +4959,11 @@ class MyTLSContext : public TLSContext (public)
+@@ -5004,7 +5012,11 @@ class MyTLSContext : public TLSContext (public)
          case TLS::TLS_v1:
              ctx = SSL_CTX_new(TLS_client_method());
              SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
 +#ifdef TLS1_3_VERSION           
              SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
 +#else
 +            SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
 +#endif
              break;
          case TLS::DTLS_v1:
          default:
-@@ -4972,7 +4984,11 @@ class MyTLSContext : public TLSContext (public)
+@@ -5025,7 +5037,11 @@ class MyTLSContext : public TLSContext (public)
          QStringList cipherList;
          for (int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
              const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
 +#ifndef LIBRESSL_VERSION_NUMBER
              cipherList += QString::fromLatin1(SSL_CIPHER_standard_name(thisCipher));
 +#else
 +            cipherList += QString::fromLatin1(SSL_CIPHER_get_name(thisCipher));
 +#endif
          }
          sk_SSL_CIPHER_free(sk);
  
-@@ -5345,7 +5361,11 @@ class MyTLSContext : public TLSContext (public)
+@@ -5398,7 +5414,11 @@ class MyTLSContext : public TLSContext (public)
              sessInfo.version = TLS::TLS_v1;
          }
  
 +#ifndef LIBRESSL_VERSION_NUMBER
          sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_standard_name(SSL_get_current_cipher(ssl)));
 +#else
 +        sessInfo.cipherSuite = QString::fromLatin1(SSL_CIPHER_get_name(SSL_get_current_cipher(ssl)));
 +#endif
  
          sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
  
-@@ -6629,7 +6649,9 @@ class opensslProvider : public Provider (public)
- #endif
-         list += QStringLiteral("pbkdf1(sha1)");
+@@ -6705,7 +6725,9 @@ class opensslProvider : public Provider (public)
+         }
+         list += QStringLiteral("pkcs12");
          list += QStringLiteral("pbkdf2(sha1)");
 +#ifndef LIBRESSL_VERSION_NUMBER
          list += QStringLiteral("hkdf(sha256)");
 +#endif
          list += QStringLiteral("pkey");
          list += QStringLiteral("dlgroup");
          list += QStringLiteral("rsa");
-@@ -6698,8 +6720,10 @@ class opensslProvider : public Provider (public)
+@@ -6755,8 +6777,10 @@ class opensslProvider : public Provider (public)
  #endif
          else if (type == QLatin1String("pbkdf2(sha1)"))
              return new opensslPbkdf2Context(this, type);
 +#ifndef LIBRESSL_VERSION_NUMBER
          else if (type == QLatin1String("hkdf(sha256)"))
              return new opensslHkdfContext(this, type);
 +#endif
          else if (type == QLatin1String("hmac(md5)"))
              return new opensslHMACContext(EVP_md5(), this, type);
          else if (type == QLatin1String("hmac(sha1)"))