diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t
index a36a59fd8b..a61ed5b51e 100644
--- a/test/recipes/90-test_store.t
+++ b/test/recipes/90-test_store.t
@@ -19,7 +19,7 @@ setup($test_name);
 my $mingw = config('target') =~ m|^mingw|;
 
 my $use_md5 = !disabled("md5");
-my $use_des = !disabled("des"); # also affects 3des and pkcs12 app
+my $use_des = !(disabled("des") || disabled("legacy")); # also affects 3des and pkcs12 app
 my $use_dsa = !disabled("dsa");
 my $use_ecc = !disabled("ec");
 
@@ -97,7 +97,9 @@ my @noexist_file_files =
 # @methods is a collection of extra 'openssl storeutl' arguments used to
 # try the different methods.
 my @methods;
-push @methods, [qw(-provider default -provider legacy)];
+my @prov_method = qw(-provider default);
+push @prov_method, qw(-provider legacy) unless disabled('legacy');
+push @methods, [ @prov_method ];
 push @methods, [qw(-engine loader_attic)]
     unless disabled('dynamic-engine') || disabled('deprecated-3.0');
 
@@ -291,7 +293,9 @@ indir "store_$$" => sub {
 sub init {
     my $cnf = srctop_file('test', 'ca-and-certs.cnf');
     my $cakey = srctop_file('test', 'certs', 'ca-key.pem');
-    my @std_args = qw(-provider default -provider legacy);
+    my @std_args = qw(-provider default);
+    push @std_args, qw(-provider legacy)
+        unless disabled('legacy');
     return (
             # rsa-key-pkcs1.pem
             run(app(["openssl", "pkey", @std_args,