diff --git a/README.md b/README.md
index 3c14da04398185..ceb70b38c0510e 100644
--- a/README.md
+++ b/README.md
@@ -306,6 +306,8 @@ Instructions:
 /usr/local/ssl/fips-2.0
 8. Build Node.js with `make -j`
 9. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`)
+10. For FIPS mode to be enabled at runtime, the OPENSSL_FIPS environment
+ variable must be set to 1.
 ## Resources for Newcomers
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index f0569eb354ac5e..4fb4325c8f21ae 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -5522,10 +5522,12 @@ void InitCryptoOnce() {
 CRYPTO_THREADID_set_callback(crypto_threadid_cb);
 #ifdef NODE_FIPS_MODE
- if (!FIPS_mode_set(1)) {
- int err = ERR_get_error();
- fprintf(stderr, "openssl fips failed: %s\n", ERR_error_string(err, NULL));
- UNREACHABLE();
+ if (getenv("OPENSSL_FIPS")) {
+ if (!FIPS_mode_set(1)) {
+ int err = ERR_get_error();
+ fprintf(stderr, "openssl fips failed: %s\n", ERR_error_string(err, NULL));
+ UNREACHABLE();
+ }
 }
 #endif // NODE_FIPS_MODE
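Review bot: The new guard `if (getenv("OPENSSL_FIPS"))` in InitCryptoOnce only tests that the variable exists, so `OPENSSL_FIPS=0` or an empty value still enables FIPS mode, which contradicts the README step added in this same commit ("must be set to 1"). Compare the value explicitly, for example `const char* fips = getenv("OPENSSL_FIPS");` followed by `if (fips && strcmp(fips, "1") == 0) {`. With this change a binary built with NODE_FIPS_MODE also starts in non-FIPS mode with no message when the variable is unset, so a comment above the check such as `// FIPS is opt-in at runtime; an unset OPENSSL_FIPS leaves the process in non-FIPS mode` would make that fail-open default visible to operators who rely on the build flag. InitCryptoOnce starts and ends outside the hunk.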