diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index 1861a09ca5496..a2404c601cc78 100644
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -10,6 +10,13 @@ PHP_ARG_WITH([system-ciphers],
   [no],
   [no])
 
+PHP_ARG_WITH([openssl-legacy-provider],
+  [whether to load legacy algorithm provider],
+  [AS_HELP_STRING([--with-openssl-legacy-provider],
+    [OPENSSL: Load legacy algorithm provider in addition to default provider])],
+  [no],
+  [no])
+
 if test "$PHP_OPENSSL" != "no"; then
   PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
   PHP_SUBST(OPENSSL_SHARED_LIBADD)
@@ -25,4 +32,8 @@ if test "$PHP_OPENSSL" != "no"; then
   if test "$PHP_SYSTEM_CIPHERS" != "no"; then
     AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
   fi
+
+  if test "$PHP_OPENSSL_LEGACY_PROVIDER" != "no"; then
+    AC_DEFINE(LOAD_OPENSSL_LEGACY_PROVIDER,1,[ Load legacy algorithm provider in addition to default provider ])
+  fi
 fi
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 949f5d76245e8..45db5065707a7 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -59,6 +59,7 @@
 #if PHP_OPENSSL_API_VERSION >= 0x30000
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
+#include <openssl/provider.h>
 #endif
 
 #if defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ENGINE)
@@ -1277,6 +1278,10 @@ PHP_MINIT_FUNCTION(openssl)
 	OpenSSL_add_all_algorithms();
 	SSL_load_error_strings();
 #else
+#if PHP_OPENSSL_API_VERSION >= 0x30000 && defined(LOAD_OPENSSL_LEGACY_PROVIDER)
+	OSSL_PROVIDER_load(NULL, "legacy");
+	OSSL_PROVIDER_load(NULL, "default");
+#endif
 	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
 #endif