diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc
index 28ea24e470e35c..aa5ba34c761224 100644
--- a/src/crypto/crypto_context.cc
+++ b/src/crypto/crypto_context.cc
@@ -1149,12 +1149,14 @@ void SecureContext::LoadPKCS12(const FunctionCallbackInfo<Value>& args) {
     // TODO(@jasnell): Should this use ThrowCryptoError?
     unsigned long err = ERR_get_error();  // NOLINT(runtime/int)
 
+#if OPENSSL_VERSION_MAJOR >= 3
     if (ERR_GET_REASON(err) == ERR_R_UNSUPPORTED) {
       // OpenSSL's "unsupported" error without any context is very
       // common and not very helpful, so we override it:
       return THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(
           env, "Unsupported PKCS12 PFX data");
     }
+#endif
 
     const char* str = ERR_reason_error_string(err);
     str = str != nullptr ? str : "Unknown error";
diff --git a/test/parallel/test-tls-legacy-pfx.js b/test/parallel/test-tls-legacy-pfx.js
index f4d6556a23da25..33b4c58fc6ccc3 100644
--- a/test/parallel/test-tls-legacy-pfx.js
+++ b/test/parallel/test-tls-legacy-pfx.js
@@ -2,6 +2,9 @@
 const common = require('../common');
 if (!common.hasCrypto)
   common.skip('missing crypto');
+if (!common.hasOpenSSL3)
+  common.skip('OpenSSL legacy failures are only testable with OpenSSL 3+');
+
 const fixtures = require('../common/fixtures');
 
 const {