diff --git a/security/gost-engine/Makefile b/security/gost-engine/Makefile
index fb19cdfc607f..2a13f229962b 100644
--- a/security/gost-engine/Makefile
+++ b/security/gost-engine/Makefile
@@ -1,81 +1,92 @@
 PORTNAME=	gost-engine
+PORTREVISION=	1
 CATEGORIES=	security
 
 MAINTAINER=	eugen@FreeBSD.org
 COMMENT=	Implementation of the Russian GOST crypto algorithms for OpenSSL
 WWW=		https://github.com/gost-engine/engine/blob/master/README.gost
 
 LICENSE=	OpenSSL
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 FLAVORS=	base openssl30
 
 openssl30_PKGNAMESUFFIX=	-${FLAVOR}
-openssl30_PLIST=	${.CURDIR}/pkg-plist-${FLAVOR}
 
 BROKEN_SSL=				libressl libressl-devel openssl31
 BROKEN_SSL_REASON_libressl=		needs features only available in OpenSSL 1.1.1+
 BROKEN_SSL_REASON_libressl-devel=	needs features only available in OpenSSL 1.1.1+
 BROKEN_SSL_REASON_openssl31=		not ready for openssl31
 
 BUILD_DEPENDS=  cmake>=3.18.1:devel/cmake
 
 USES=		cmake ssl
 USE_GITHUB=	yes
 GH_ACCOUNT=     gost-engine
 GH_PROJECT=     engine
 
 ENGINESDIR?=	${PREFIX}/${EDIR}
-PLIST_SUB+=     EDIR="${EDIR}" EDIRV="${EDIRV}"
+PLIST_SUB+=     EDIR="${EDIR}"
 
 CMAKE_ARGS+=	-DOPENSSL_ROOT_DIR=${OPENSSLBASE} \
 		-DOPENSSL_ENGINES_DIR=${ENGINESDIR}
 
 SUB_FILES=	pkg-message
 
 OPTIONS_DEFINE=	DOCS
 
 .include <bsd.port.options.mk>
 
+.if ${SSL_DEFAULT} == openssl30
+FLAVOR=	openssl30
+.endif
+
+# For OpenSSL 3.0.x in base (14+) or installed as port/package
 .if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1400092 || ${FLAVOR:U} == openssl30
 GH_TAGNAME=     2b22503
 GH_TUPLE+=      provider-corner:libprov:e9f3e6a:libprov
 GH_SUBDIR=      libprov:libprov
 DISTVERSION=	g20230106
+DISTINFO_FILE=	${PKGDIR}/distinfo.openssl30
+PLIST=		${PKGDIR}/pkg-plist-openssl30
+
+.if ${FLAVOR:U} == openssl30
 EDIR?=		lib/engines-12
-EDIRV?=		@comment unused
-DISTINFO_FILE=	${.CURDIR}/distinfo.openssl30
-.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1400092
-BROKEN_SSL+=	base # openssl31
+BROKEN_SSL+=	base
+.else
+EDIR?=		lib/engines-3
 .endif
+
+post-patch:
+	${REINPLACE_CMD} \
+	    's|/usr/lib/ssl/engines/libgost.so|${PREFIX}/${EDIR}/gost.so|' \
+	    ${WRKSRC}/INSTALL.md
+
+# For OpenSSL 1.1.x in base or installed as port/package
 .else
 GH_TAGNAME=	739f957
 DISTVERSION=	g20220520
 BROKEN_SSL+=	openssl30 # openssl31
 EDIR?=		lib/engines-1.1
-EDIRV?=		${EDIR}
-.endif
 
-.if ${SSL_DEFAULT} == openssl30
-FLAVOR=	openssl30
-.endif
-
-.if ${FLAVOR:U} == base
 post-patch:
 	${REINPLACE_CMD} 's/-Werror //' ${WRKSRC}/CMakeLists.txt
 
 post-install:
-	cd ${STAGEDIR}${PREFIX}/lib/engines-1.1 && \
+	cd ${STAGEDIR}${PREFIX}/${EDIR} && \
 	  ${MV} gost.so.1.1 libgost.so.1.1 && ${LN} -s libgost.so.1.1 libgost.so && \
 	  ${RM} gost.so
 .endif
 
 post-install-DOCS-off:
 	cd ${STAGEDIR}${PREFIX}/share/man/man1 && ${RM} gost12sum.1 gostsum.1
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	cd ${WRKSRC} && ${INSTALL_MAN} INSTALL.md README.gost README.md \
 		${STAGEDIR}${DOCSDIR}
+.if ${EDIR:M*engines-3}
+	${INSTALL_MAN} ${FILESDIR}/openssl.cnf.diff ${STAGEDIR}${DOCSDIR}
+.endif
 
 .include <bsd.port.mk>
diff --git a/security/gost-engine/files/openssl.cnf.diff b/security/gost-engine/files/openssl.cnf.diff
new file mode 100644
index 000000000000..77cf7b0d4d65
--- /dev/null
+++ b/security/gost-engine/files/openssl.cnf.diff
@@ -0,0 +1,18 @@
+--- openssl.cnf.orig	2023-06-26 14:18:41.158316000 +0700
++++ openssl.cnf	2023-06-30 02:41:55.649698000 +0700
+@@ -53,6 +53,15 @@ providers = provider_sect
+ 
+ [openssl_init]
+ providers = provider_sect
++engines = engine_section
++
++[engine_section]
++gost = gost_section
++
++[gost_section]
++engine_id = gost
++dynamic_path = /usr/local/lib/engines-3/gost.so
++default_algorithms = ALL
+ 
+ # List of providers to load
+ [provider_sect]
diff --git a/security/gost-engine/files/pkg-message.in b/security/gost-engine/files/pkg-message.in
index f15112bebb33..c235178b15b0 100644
--- a/security/gost-engine/files/pkg-message.in
+++ b/security/gost-engine/files/pkg-message.in
@@ -1,10 +1,13 @@
 [
 { type: install
   message: <<EOM
 You should edit openssl.cnf configuration file as specified below
 to start using GOST Engine through OpenSSL.
 For details, refer to the section `How to Configure' in
 %%DOCSDIR%%/INSTALL.md
+
+Also, you may find useful an example patch for your openssl.cnf in
+%%DOCSDIR%%/openssl.cnf.diff
 EOM
 }
 ]
diff --git a/security/gost-engine/pkg-plist b/security/gost-engine/pkg-plist
index 17b05cd8bd83..2261f975cb35 100644
--- a/security/gost-engine/pkg-plist
+++ b/security/gost-engine/pkg-plist
@@ -1,9 +1,9 @@
 bin/gost12sum
 bin/gostsum
 %%EDIR%%/libgost.so
-%%EDIRV%%/libgost.so.1.1
+%%EDIR%%/libgost.so.1.1
 %%PORTDOCS%%share/man/man1/gost12sum.1.gz
 %%PORTDOCS%%share/man/man1/gostsum.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL.md
 %%PORTDOCS%%%%DOCSDIR%%/README.gost
 %%PORTDOCS%%%%DOCSDIR%%/README.md
diff --git a/security/gost-engine/pkg-plist-openssl30 b/security/gost-engine/pkg-plist-openssl30
index a4c8b49c89c9..4904852e6787 100644
--- a/security/gost-engine/pkg-plist-openssl30
+++ b/security/gost-engine/pkg-plist-openssl30
@@ -1,16 +1,16 @@
 bin/gost12sum
 bin/gostsum
 %%EDIR%%/gost.so
-%%EDIRV%%/libgost.so.1.1
 lib/libgost.so
 lib/libgostprov.so
 lib/ossl-modules/gostprov.so
 share/cmake/GostEngine/GostEngineConfig-%%CMAKE_BUILD_TYPE%%.cmake
 share/cmake/GostEngine/GostEngineConfig.cmake
 share/cmake/GostProvider/GostProviderConfig-%%CMAKE_BUILD_TYPE%%.cmake
 share/cmake/GostProvider/GostProviderConfig.cmake
 %%PORTDOCS%%share/man/man1/gost12sum.1.gz
 %%PORTDOCS%%share/man/man1/gostsum.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/INSTALL.md
 %%PORTDOCS%%%%DOCSDIR%%/README.gost
 %%PORTDOCS%%%%DOCSDIR%%/README.md
+%%PORTDOCS%%%%DOCSDIR%%/openssl.cnf.diff