diff --git a/bin/tests/system/conf.sh b/bin/tests/system/conf.sh index 545919a5d9..e3e9a08fb9 100644 --- a/bin/tests/system/conf.sh +++ b/bin/tests/system/conf.sh @@ -572,28 +572,4 @@ copy_setports() { $1 >$2 } -# parse_openssl_config - Parse OpenSSL configuration for HSM settings -# -# Will set SOFTHSM2_MODULE, OPENSSL_ENGINE and ENGINE_ARG based on openssl configuration. -parse_openssl_config() { - ENGINE_ARG="" - [ -f "$OPENSSL_CONF" ] || return 0 - while IFS="=" read key val; do - # trim variables - key="${key## }" - key="${key%% }" - val="${val## }" - val="${val%% }" - case "$key" in - "engine_id") - OPENSSL_ENGINE="$val" - ENGINE_ARG="-E $OPENSSL_ENGINE" - ;; - "MODULE_PATH" | "pkcs11-module-path") - SOFTHSM2_MODULE="$val" - ;; - esac - done <"$OPENSSL_CONF" -} - grep_v() { grep -v "$@" || test $? = 1; } diff --git a/bin/tests/system/enginepkcs11/prereq.sh b/bin/tests/system/enginepkcs11/prereq.sh index 4eb2788a62..335b348a63 100644 --- a/bin/tests/system/enginepkcs11/prereq.sh +++ b/bin/tests/system/enginepkcs11/prereq.sh @@ -23,7 +23,6 @@ exit 255 } -parse_openssl_config [ -f "$SOFTHSM2_MODULE" ] || { echo_i "skip: softhsm2 module not available" exit 1 diff --git a/bin/tests/system/enginepkcs11/setup.sh b/bin/tests/system/enginepkcs11/setup.sh index bf140f1895..51d59dd854 100644 --- a/bin/tests/system/enginepkcs11/setup.sh +++ b/bin/tests/system/enginepkcs11/setup.sh @@ -20,7 +20,6 @@ $SHELL clean.sh OPENSSL_CONF= softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }' -parse_openssl_config printf '%s' "${HSMPIN:-1234}" >ns1/pin PWD=$(pwd) diff --git a/bin/tests/system/enginepkcs11/tests.sh b/bin/tests/system/enginepkcs11/tests.sh index 9db388f22b..7b0c1072bf 100644 --- a/bin/tests/system/enginepkcs11/tests.sh +++ b/bin/tests/system/enginepkcs11/tests.sh 
@@ -16,7 +16,6 @@ set -e # shellcheck source=conf.sh . ../conf.sh -parse_openssl_config PWD=$(pwd) status=0 diff --git a/bin/tests/system/isctest/vars/all.py b/bin/tests/system/isctest/vars/all.py index 58e1689af2..2126c1c220 100644 --- a/bin/tests/system/isctest/vars/all.py +++ b/bin/tests/system/isctest/vars/all.py @@ -16,6 +16,7 @@ from .autoconf import AC_VARS # type: ignore # pylint: enable=import-error from .basic import BASIC_VARS +from .openssl import OPENSSL_VARS class VarLookup(ChainMap): @@ -48,4 +49,4 @@ class VarLookup(ChainMap): return iter(self.keys()) -ALL = VarLookup(AC_VARS, BASIC_VARS) +ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS) diff --git a/bin/tests/system/isctest/vars/openssl.py b/bin/tests/system/isctest/vars/openssl.py new file mode 100644 index 0000000000..1dcef67faf --- /dev/null +++ b/bin/tests/system/isctest/vars/openssl.py 
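Review bot: The new `from .openssl import OPENSSL_VARS` line in all.py is not a passive import, and nothing at the import site says so. As the new openssl.py in this commit shows, the module calls `parse_openssl_config(OPENSSL_VARS["OPENSSL_CONF"])` at import time and writes ENGINE_ARG and SOFTHSM2_MODULE into `os.environ`. I would add a comment above the import such as `# NOTE: importing .openssl parses $OPENSSL_CONF and exports ENGINE_ARG / SOFTHSM2_MODULE into os.environ`. It is also worth confirming that neither AC_VARS nor BASIC_VARS (not visible here) defines any of the four OPENSSL_VARS keys, because `VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS)` is a ChainMap and the earlier maps would shadow the parsed values.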
@@ -0,0 +1,49 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import os +import re + +from .. import log + + +OPENSSL_VARS = { + "OPENSSL_CONF": os.getenv("OPENSSL_CONF", ""), + "SOFTHSM2_CONF": os.getenv("SOFTHSM2_CONF", ""), + "SOFTHSM2_MODULE": "", + "ENGINE_ARG": "", +} + + +def parse_openssl_config(path: str): + if not os.path.isfile(path): + return + regex = re.compile(r"([^=]+)=(.*)") + log.debug(f"parsing openssl config: {path}") + with open(path, "r", encoding="utf-8") as conf: + for line in conf: + res = regex.match(line) + if res: + key = res.group(1).strip() + val = res.group(2).strip() + if key == "engine_id": + OPENSSL_VARS["ENGINE_ARG"] = f"-E {val}" + os.environ["ENGINE_ARG"] = f"-E {val}" + log.debug("ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}") + elif key in ["MODULE_PATH", "pkcs11-module-path"]: + OPENSSL_VARS["SOFTHSM2_MODULE"] = val + os.environ["SOFTHSM2_MODULE"] = val + log.debug( + "SOFTHSM2_MODULE set to {OPENSSL_VARS['SOFTHSM2_MODULE']}" + ) + + +parse_openssl_config(OPENSSL_VARS["OPENSSL_CONF"]) diff --git a/bin/tests/system/keyfromlabel/prereq.sh b/bin/tests/system/keyfromlabel/prereq.sh index c6caa0dc88..be1850a1fa 100644 --- a/bin/tests/system/keyfromlabel/prereq.sh +++ b/bin/tests/system/keyfromlabel/prereq.sh @@ -18,7 +18,6 @@ exit 255 } -parse_openssl_config [ -f "$SOFTHSM2_MODULE" ] || { echo_i "skip: softhsm2 module not available" exit 1 diff --git a/bin/tests/system/keyfromlabel/tests.sh b/bin/tests/system/keyfromlabel/tests.sh index 2f818c5d77..f29f327098 100644 --- a/bin/tests/system/keyfromlabel/tests.sh +++ b/bin/tests/system/keyfromlabel/tests.sh 
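Review bot: Both `log.debug` calls in the `engine_id` and `MODULE_PATH` branches of `parse_openssl_config` are plain strings without the `f` prefix, so the log prints the literal text `{OPENSSL_VARS['ENGINE_ARG']}` instead of the parsed value. They should read `log.debug(f"ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}")` and `log.debug(f"SOFTHSM2_MODULE set to {OPENSSL_VARS['SOFTHSM2_MODULE']}")`, matching the f-string already used for the "parsing openssl config" message. The removed shell helper also set `OPENSSL_ENGINE`, which this port does not; if any system test still reads that variable (not visible in this diff), it will now be empty. The parser ignores sections and trailing comments, so the last matching key anywhere in the file wins and any `# comment` after the value becomes part of `val`. Since SOFTHSM2_MODULE is presumably the library path later handed to the PKCS#11 engine and ENGINE_ARG is spliced into command lines, a docstring stating these limits and that the function mutates `os.environ` would help the next maintainer.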
@@ -16,7 +16,6 @@ set -e # shellcheck source=conf.sh . ../conf.sh -parse_openssl_config PWD=$(pwd) keygen() {