Well, apparently openssl 0.9.8 is more fragile than 0.9.7g; two of my installed ports won't rebuild with it. There's an easy workaround for security/cyrus-sasl2 -- make it with WITHOUT_NTLM defined. I haven't figured out exactly how comms/kermit broke, though. Jim