diff --git a/des.go b/des.go
index 98b15d2d..71b13333 100644
--- a/des.go
+++ b/des.go
@@ -14,9 +14,9 @@ import (
 // If CBC is also supported, then the returned cipher.Block
 // will also implement NewCBCEncrypter and NewCBCDecrypter.
 func SupportsDESCipher() bool {
-	// True for stock OpenSSL 1.
+	// True for stock OpenSSL 1 w/o FIPS.
 	// False for stock OpenSSL 3 unless the legacy provider is available.
-	return loadCipher(cipherDES, cipherModeECB) != nil
+	return (versionAtOrAbove(1, 1, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil
 }
 
 // SupportsTripleDESCipher returns true if NewTripleDESCipher is supported,
diff --git a/evp.go b/evp.go
index cd79121b..b2886e69 100644
--- a/evp.go
+++ b/evp.go
@@ -72,9 +72,13 @@ func cryptoHashToMD(ch crypto.Hash) (md C.GO_EVP_MD_PTR) {
 	}
 	switch ch {
 	case crypto.MD4:
-		return C.go_openssl_EVP_md4()
+		if versionAtOrAbove(1, 1, 0) || !FIPS() {
+			return C.go_openssl_EVP_md4()
+		}
 	case crypto.MD5:
-		return C.go_openssl_EVP_md5()
+		if versionAtOrAbove(1, 1, 0) || !FIPS() {
+			return C.go_openssl_EVP_md5()
+		}
 	case crypto.SHA1:
 		return C.go_openssl_EVP_sha1()
 	case crypto.SHA224:
diff --git a/rc4.go b/rc4.go
index 94a96b20..f8815059 100644
--- a/rc4.go
+++ b/rc4.go
@@ -8,9 +8,9 @@ import "runtime"
 
 // SupportsRC4 returns true if NewRC4Cipher is supported.
 func SupportsRC4() bool {
-	// True for stock OpenSSL 1.
+	// True for stock OpenSSL 1 w/o FIPS.
 	// False for stock OpenSSL 3 unless the legacy provider is available.
-	return loadCipher(cipherRC4, cipherModeNone) != nil
+	return (versionAtOrAbove(1, 1, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil
 }
 
 // A RC4Cipher is an instance of RC4 using a particular key.