diff --git a/dev-libs/openssl-compat/Manifest b/dev-libs/openssl-compat/Manifest
index c6e941f50957..f78b04b7c6fe 100644
--- a/dev-libs/openssl-compat/Manifest
+++ b/dev-libs/openssl-compat/Manifest
@@ -2,4 +2,6 @@ DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab86433795
 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
+DIST openssl-3.6.2.tar.gz 54913556 BLAKE2B 21a23c53d16e9fbfb4c6d606d6056e7bb72e15c964c43a7f02837d805584bc34917fb2527cbc7fa75de63f3b5f840c693e7b43ac95e4bf9c10dce27f130bf69f SHA512 46549ed4d6b0160adfa3e1406bc16f3083a7f3c85bdda289c1dbebd0db91433c39855dae765787ec68157faffba4cdb05a0600af4652e3e35da939e0bad8ef1e
+DIST openssl-3.6.2.tar.gz.asc 833 BLAKE2B 089164a42cdbb22d688ab314fae83d3fa16fb8d0c206ce8d0fe82a670b6e5fb0859e8842d0c0f75184d8e7022086aa05feeb5193e720ef58c18c7d303a6ec157 SHA512 bc1710380b80e0b9d35fe706604357c1f801d0b6ab1481b53061e21d6f55904fe8961ec10ead5c454dc637c88586f3093df71d2210b960d65c112466422d51ff
 DIST openssl-compat-1.0.2u-versioned-symbols.patch.gz 24633 BLAKE2B 6bfad4ad27dbca0bd85bfd9521ffc844c3e93e6a1cca7c814edd49affc60ece1c706dd3aa7be2ce80857532531eac6f0f03f43c0be22a769d00d9241686eff71 SHA512 3d85aa34f2491e0e36eedc45829709e0fb552f6d558c2726b59dafa98c3e679b88497f3f7399d7565d88e727591e7d9b12f5b1e27116ba19b9a661d7f75b07a9
diff --git a/dev-libs/openssl-compat/metadata.xml b/dev-libs/openssl-compat/metadata.xml
index bfc9fa7650db..ec9957311bd8 100644
--- a/dev-libs/openssl-compat/metadata.xml
+++ b/dev-libs/openssl-compat/metadata.xml
@@ -7,6 +7,7 @@
 	</maintainer>
 	<use>
 		<flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+		<flag name="quic">Enable support for QUIC (RFC 9000); a UDP-based protocol intended to replace TCP</flag>
 		<flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
 		<flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
 		<flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
diff --git a/dev-libs/openssl-compat/openssl-compat-3.6.2.ebuild b/dev-libs/openssl-compat/openssl-compat-3.6.2.ebuild
new file mode 100644
index 000000000000..86d925410287
--- /dev/null
+++ b/dev-libs/openssl-compat/openssl-compat-3.6.2.ebuild
@@ -0,0 +1,175 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+
+inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
+
+MY_P=openssl-${PV/_/-}
+
+DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://openssl-library.org/"
+SRC_URI="
+	https://github.com/openssl/openssl/releases/download/${MY_P}/${MY_P}.tar.gz
+	verify-sig? (
+		https://github.com/openssl/openssl/releases/download/${MY_P}/${MY_P}.tar.gz.asc
+	)
+"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="Apache-2.0"
+SLOT="$(ver_cut 1)"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~x64-macos ~x64-solaris"
+IUSE="+asm cpu_flags_x86_sse2 +quic rfc3779 sctp test tls-compression vanilla weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	!=dev-libs/openssl-$(ver_cut 1)*:0
+	tls-compression? ( >=virtual/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240920 )
+"
+
+# Do not install any docs
+DOCS=()
+
+pkg_setup() {
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		no-docs
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use_ssl asm)
+		$(use quic && echo "enable-quic")
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}/usr"
+		--openssldir="${EPREFIX}${SSL_CNF_DIR}"
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl Configure "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.$(ver_cut 1)
+}