diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key b/bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key
new file mode 100644
index 0000000000..37ee8aec85
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key
@@ -0,0 +1 @@
+hmac-md5-legacy. IN KEY 0 3 157 B7HCXJs0XnSPzypG5oHuGw==
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private b/bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private
new file mode 100644
index 0000000000..8b2f435513
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 157 (HMAC_MD5)
+Key: B7HCXJs0XnSPzypG5oHuGw==
+Bits: AAA=
+Created: 20230619071002
+Publish: 20230619071002
+Activate: 20230619071002
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key b/bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key
new file mode 100644
index 0000000000..bd1445deec
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key
@@ -0,0 +1 @@
+hmac-sha1-legacy. IN KEY 0 3 161 TxGx9XBp6Pp5yYAOKXdERA==
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private b/bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private
new file mode 100644
index 0000000000..fe3d7ec0e3
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 161 (HMAC_SHA1)
+Key: TxGx9XBp6Pp5yYAOKXdERA==
+Bits: AAA=
+Created: 20230619071031
+Publish: 20230619071031
+Activate: 20230619071031
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key b/bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key
new file mode 100644
index 0000000000..c849be93d7
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key
@@ -0,0 +1 @@
+hmac-sha224-legacy. IN KEY 0 3 162 H8Hyw718rLqToQFRLAeFWQ==
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private b/bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private
new file mode 100644
index 0000000000..a2f31ec375
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 162 (HMAC_SHA224)
+Key: H8Hyw718rLqToQFRLAeFWQ==
+Bits: AAA=
+Created: 20230619071136
+Publish: 20230619071136
+Activate: 20230619071136
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key b/bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key
new file mode 100644
index 0000000000..1bbb6f00c3
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key
@@ -0,0 +1 @@
+hmac-sha256-legacy. IN KEY 0 3 163 fdT9hiPov4ThMEfRv1FNmA==
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private b/bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private
new file mode 100644
index 0000000000..0b209c694d
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 163 (HMAC_SHA256)
+Key: fdT9hiPov4ThMEfRv1FNmA==
+Bits: AAA=
+Created: 20230619071043
+Publish: 20230619071043
+Activate: 20230619071043
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key b/bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key
new file mode 100644
index 0000000000..46fae39435
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key
@@ -0,0 +1 @@
+hmac-sha384-legacy. IN KEY 0 3 164 fnshFIjQTLFap6+j2JGBkA==
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private b/bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private
new file mode 100644
index 0000000000..be5aa1268d
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 164 (HMAC_SHA384)
+Key: fnshFIjQTLFap6+j2JGBkA==
+Bits: AAA=
+Created: 20230619071109
+Publish: 20230619071109
+Activate: 20230619071109
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key b/bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key
new file mode 100644
index 0000000000..0defc84585
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key
@@ -0,0 +1 @@
+hmac-sha512-legacy. IN KEY 0 3 165 BZwNLICp2tj4hi6gil41eg==
diff --git a/bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private b/bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private
new file mode 100644
index 0000000000..21268e5642
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 165 (HMAC_SHA512)
+Key: BZwNLICp2tj4hi6gil41eg==
+Bits: AAA=
+Created: 20230619071124
+Publish: 20230619071124
+Activate: 20230619071124
diff --git a/bin/tests/system/tsig/ns1/named-fips.conf.in b/bin/tests/system/tsig/ns1/named-fips.conf.in
index b783805aac..6925f0f9c5 100644
--- a/bin/tests/system/tsig/ns1/named-fips.conf.in
+++ b/bin/tests/system/tsig/ns1/named-fips.conf.in
@@ -49,6 +49,31 @@ key "sha512" { algorithm hmac-sha512; }; +key "hmac-sha1-legacy" { + algorithm "hmac-sha1"; + secret "TxGx9XBp6Pp5yYAOKXdERA=="; +}; + +key "hmac-sha224-legacy" { + algorithm "hmac-sha224"; + secret "H8Hyw718rLqToQFRLAeFWQ=="; +}; + +key "hmac-sha256-legacy" { + algorithm "hmac-sha256"; + secret "fdT9hiPov4ThMEfRv1FNmA=="; +}; + +key "hmac-sha384-legacy" { + algorithm "hmac-sha384"; + secret "fnshFIjQTLFap6+j2JGBkA=="; +}; + +key "hmac-sha512-legacy" { + algorithm "hmac-sha512"; + secret "BZwNLICp2tj4hi6gil41eg=="; +}; + key "sha1-trunc" { secret "FrSt77yPTFx6hTs4i2tKLB9LmE0="; algorithm hmac-sha1-80; diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in index 17f2aba5e9..cae7d592f9 100644 --- a/bin/tests/system/tsig/ns1/named.conf.in +++ b/bin/tests/system/tsig/ns1/named.conf.in @@ -22,3 +22,8 @@ key "md5-trunc" { secret "97rnFx24Tfna4mHPfgnerA=="; algorithm hmac-md5-80; }; + +key "hmac-md5-legacy" { + algorithm "hmac-md5"; + secret "B7HCXJs0XnSPzypG5oHuGw=="; +}; diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh index da85e7d622..42ee16cf54 100644 --- a/bin/tests/system/tsig/tests.sh +++ b/bin/tests/system/tsig/tests.sh 
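Review bot: The five `*-legacy` key blocks added to named-fips.conf.in repeat the secrets stored in the new ns1/legacy/Khmac-*-legacy.*.key and .private files, and nothing in the config records that link. If either side is regenerated on its own, the legacy fetches in tests.sh would presumably fail TSIG verification with no hint that the two copies have drifted. A comment above the first block would cover it, e.g. `/* Legacy keys: secrets must match ns1/legacy/Khmac-*-legacy.*.key, which dig -k reads in tests.sh. */`. The same applies to the `hmac-md5-legacy` block added to named.conf.in. As a style point, the new blocks quote the algorithm and list it before the secret, while the neighbouring `sha512` and `sha1-trunc` blocks use an unquoted algorithm after the secret.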
@@ -257,5 +257,58 @@ if [ $ret -eq 1 ] ; then echo_i "failed"; status=1 fi +if $FEATURETEST --md5 +then + echo_i "fetching using hmac-md5 (legacy)" + ret=0 + $DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-md5-legacy.+*.key @10.53.0.1 soa > dig.out.md5.legacy || ret=1 + grep -i "md5.*TSIG.*NOERROR" dig.out.md5.legacy > /dev/null || ret=1 + if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 + fi +else + echo_i "skipping using hmac-md5" +fi + +echo_i "fetching using hmac-sha1 (legacy)" +ret=0 +$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha1-legacy.+*.key @10.53.0.1 soa > dig.out.sha1.legacy || ret=1 +grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.legacy > /dev/null || ret=1 +if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 +fi + +echo_i "fetching using hmac-sha224 (legacy)" +ret=0 +$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha224-legacy.+*.key @10.53.0.1 soa > dig.out.sha224 || ret=1 +grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 > /dev/null || ret=1 +if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 +fi + +echo_i "fetching using hmac-sha256 (legacy)" +ret=0 +$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha256-legacy.*.key @10.53.0.1 soa > dig.out.sha256 || ret=1 +grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 > /dev/null || ret=1 +if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 +fi + +echo_i "fetching using hmac-sha384 (legacy)" +ret=0 +$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha384-legacy.*.key @10.53.0.1 soa > dig.out.sha384 || ret=1 +grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 > /dev/null || ret=1 +if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 +fi + +echo_i "fetching using hmac-sha512 (legacy)" +ret=0 +$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha512-legacy.*.key @10.53.0.1 soa > dig.out.sha512 || ret=1 +grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 > /dev/null || ret=1 +if [ $ret -eq 1 ] ; then + echo_i "failed"; status=1 +fi + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1
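Review bot: The sha224, sha256, sha384 and sha512 legacy fetches redirect to `dig.out.sha224` … `dig.out.sha512`, while the md5 and sha1 ones use `dig.out.md5.legacy` and `dig.out.sha1.legacy`. If the earlier non-legacy checks in tests.sh (outside this hunk) write the same names, their output is overwritten and a failed run can no longer be attributed to the right key. Give each a `.legacy` suffix in both the redirect and the grep, e.g. `> dig.out.sha224.legacy || ret=1` and `grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224.legacy`. The `-k` globs also differ (`-legacy.+*.key` for md5, sha1 and sha224, `-legacy.*.key` for the rest); one form throughout would keep the blocks uniform.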