diff --git a/lib/crypto_backend/crypto_openssl.c b/lib/crypto_backend/crypto_openssl.c
index a5ec4048..92eeb33c 100644
--- a/lib/crypto_backend/crypto_openssl.c
+++ b/lib/crypto_backend/crypto_openssl.c
@@ -45,6 +45,7 @@
 static OSSL_PROVIDER *ossl_legacy = NULL;
 static OSSL_PROVIDER *ossl_default = NULL;
 static OSSL_LIB_CTX  *ossl_ctx = NULL;
+static char backend_version[256] = "OpenSSL";
 #endif
 
 #define CONST_CAST(x) (x)(uintptr_t)
@@ -133,28 +134,6 @@ static void HMAC_CTX_free(HMAC_CTX *md)
 	free(md);
 }
 #else
-static int openssl_backend_init(void)
-{
-/*
- * OpenSSL >= 3.0.0 provides some algorithms in legacy provider
- */
-#if OPENSSL_VERSION_MAJOR >= 3
-	ossl_ctx = OSSL_LIB_CTX_new();
-	if (!ossl_ctx)
-		return -EINVAL;
-
-	ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0);
-	if (!ossl_default) {
-		OSSL_LIB_CTX_free(ossl_ctx);
-		return -EINVAL;
-	}
-
-	/* Optional */
-	ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0);
-#endif
-	return 0;
-}
-
 static void openssl_backend_exit(void)
 {
 #if OPENSSL_VERSION_MAJOR >= 3
@@ -171,9 +150,46 @@ static void openssl_backend_exit(void)
 #endif
 }
 
+static int openssl_backend_init(void)
+{
+/*
+ * OpenSSL >= 3.0.0 provides some algorithms in legacy provider
+ */
+#if OPENSSL_VERSION_MAJOR >= 3
+	int r;
+
+	ossl_ctx = OSSL_LIB_CTX_new();
+	if (!ossl_ctx)
+		return -EINVAL;
+
+	ossl_default = OSSL_PROVIDER_try_load(ossl_ctx, "default", 0);
+	if (!ossl_default) {
+		OSSL_LIB_CTX_free(ossl_ctx);
+		return -EINVAL;
+	}
+
+	/* Optional */
+	ossl_legacy = OSSL_PROVIDER_try_load(ossl_ctx, "legacy", 0);
+
+	r = snprintf(backend_version, sizeof(backend_version), "%s %s%s",
+		OpenSSL_version(OPENSSL_VERSION),
+		ossl_default ? "[default]" : "",
+		ossl_legacy  ? "[legacy]" : "");
+	if (r < 0 || (size_t)r >= sizeof(backend_version)) {
+		openssl_backend_exit();
+		return -EINVAL;
+	}
+#endif
+	return 0;
+}
+
 static const char *openssl_backend_version(void)
 {
-    return OpenSSL_version(OPENSSL_VERSION);
+#if OPENSSL_VERSION_MAJOR >= 3
+	return backend_version;
+#else
+	return OpenSSL_version(OPENSSL_VERSION);
+#endif
 }
 #endif