I got your donation! Thank you so much!

I will try to explain the steps I have done. Basically, you need the Scratchbox SDK for cross-compiling N9 software - the easiest way for me was to use Halftux's VM: https://talk.maemo.org/showthread.php?t=95806
I used VirtualBox to run it (you could use VMware or maybe QEMU after converting the vhd file). Then some things to change language to English:

And I also set up sudo. Then, for easiest and most comfortable work, setup port forwarding of port 22 in VirtualBox (i.e. 8080 -> 22), so you can ssh / scp on localhost:8080 for most comfortable modern terminal of your choice.

Inside Scratchbox's terminal, you need sources of many packages. Basically, latest source is here:
http://maemo.cloud-7.de/HARM/N9/1.3/cdrom.iso
Mirror: http://wunderwungiel.pl/MeeGo/cdrom.iso

Extract the ISO and get sources of related packages. The list I used:

libsignoncrypto-qt
libsasl2
cryptsetup
aegis-crypto
aegis-certman
libaccounts-glib
qt4-x11

These are source packages. If the archive in source ISO contains both many folders and debian folder, just extract it. If there are two archives: orig and diff, extract orig first, cd to orig folder, and execute:

This will apply the diff files.

You need OpenSSL source, in this case 1.0.2u, extract it, and build normally. I used:

It will install new OpenSSL into Scratchbox's /usr/local. To make sure the latest one is used, cd to /usr/lib/pkgconfig, and rename the openssl *.pc files to *.bak files, so configure scripts don't find the original OpenSSL.

You can also grab OpenSSL files in /usr/local and make a DEB package from it with dpkg-deb.

Now you can build everything. For most packages, just execute:

in source directory (debian folder and many different files/folders). Exceptions:

- aegis-certman: in etc/certs/common-ca remove all certs and add Mozilla ones, in PEM (text) format. I also applied certman_main.cpp patch manually (patch utility refused to work). [B]I don't know if the patch was needed, but - it worked with it, so I left it like this.
- qt4-x11: edit src/network/ssl/qsslsocket_openssl_symbols.cpp, go to line 336, and remove:

So the line is:

If you used different OpenSSL prefix, change it here.

When you compiled everything, remove all *dev*, *dbg*, *doc*, and *test* files and grab only following packages (my list, many may be unnecessary):

libsignoncrypto-qt
libsasl2-modules
libsasl2
libqt4-network
libcryptsetup0
libaegis-crypto1
libaegis-certman0
libaccounts-glib0
libaccounts-glib-tools
cryptsetup
aegis-crypto-tools
aegis-certman-tools

Installing in device

Funny parts come here. To make new certs working, you need to execute c_rehash from OpenSSL (I added the command to my postinst). But, perl is not available on N9, as it break depends.

Two options:

- change the control files of either perl or mp-harmattan-xxx* (I don't remember which is problematic), or just extract perl deb and get binaries and correct folders
- rebuild perl to custom location

I used option two, I was lucky cause I had ready perl from previous things done for N9 (my WunderN9 repo), so I just changed shebang in /usr/local/bin/c_rehash to /my/prefix/bin/perl. That's why I include my Perl in the package.

So, make your perl available, install your OpenSSL (you can already add c_rehash to postinst, my OpenSSL postinst:

Then you could make again (idk if needed), and install all the DEBs from list you got from scratchbox. reboot (might be not needed), and enjoy TLS 1.2