Bugzilla – Bug 1225596
[SLES15SP6][SECURITY][FIPS] openssl pkcs12 fails under fips
Last modified: 2024-07-01 12:25:19 UTC
On 15-SP6, the result of the last command of the following:

> openssl req -new -x509 -newkey rsa:2048 -keyout myca.key -days 3568 -out myca.pem -nodes -subj "/C=CN/ST=Beijing/L=Beijing/O=QA/OU=security/CN=389ds.ca.example.com" -addext "keyUsage=digitalSignature,keyEncipherment,dataEncipherment,cRLSign,keyCertSign";
> openssl genrsa -out server.key 2048
> openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Beijing/L=Beijing/O=QA/OU=security/CN=389ds.example.com"
> openssl x509 -req -days 3560 -CA myca.pem -CAkey myca.key -CAcreateserial -in server.csr -out server.pem
> openssl pkcs12 -export -inkey server.key -in server.pem -out crt.p12 -nodes -name Server-Cert -password pass:""

is:

> Certificate request self-signature ok
> subject=C = CN, ST = Beijing, L = Beijing, O = QA, OU = security, CN = 389ds.example.com
> Warning: output encryption option -nodes ignored with -export
> Error creating PKCS12 MAC; no PKCS12KDF support?
> Use -nomac if MAC not required and PKCS12KDF support not available.
> 40874481DA7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (PKCS12KDF : 183), Properties (<null>)
> 40874481DA7F0000:error:1180006B:PKCS12 routines:pkcs12_gen_mac:key gen error:crypto/pkcs12/p12_mutl.c:157:
> 40874481DA7F0000:error:1180006D:PKCS12 routines:PKCS12_set_mac:mac generation error:crypto/pkcs12/p12_mutl.c:230:

while on 15-SP5 it's fine without an error.