Node.js OpenSSL Digital Envelope Routines Error: Causes and Solutions
Problem Overview
The error:0308010C:digital envelope routines::unsupported error occurs when using Node.js version 17+ with projects that depend on older cryptographic algorithms. This error typically appears during build processes, particularly with React, Next.js, and other JavaScript frameworks.
The error message indicates that OpenSSL 3.0 (introduced in Node.js 17+) no longer supports the legacy MD4 algorithm that some build tools still rely on.
Root Cause
Node.js v17.0.0 moved from OpenSSL 1.1.1 to OpenSSL 3.0, which disabled certain older cryptographic algorithms including MD4. Many build tools and frameworks (like Webpack in Create React App) still use these legacy algorithms, causing compatibility issues.
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:71:19)
at Object.createHash (node:crypto:133:10)
at module.exports (/app/node_modules/webpack/lib/util/createHash.js:135:53)
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'Solutions
1. Use OpenSSL Legacy Provider (Temporary Fix)
The most common solution is to enable the legacy OpenSSL provider:
For development environments:
# Linux/macOS
export NODE_OPTIONS="--openssl-legacy-provider"
# Windows (Command Prompt)
set NODE_OPTIONS=--openssl-legacy-provider
# Windows (PowerShell)
$env:NODE_OPTIONS = "--openssl-legacy-provider"In package.json scripts:
"scripts": {
"start": "react-scripts --openssl-legacy-provider start",
"build": "react-scripts --openssl-legacy-provider build"
}"scripts": {
"dev": "node --openssl-legacy-provider ./node_modules/.bin/next dev",
"build": "node --openssl-legacy-provider ./node_modules/.bin/next build",
"start": "node --openssl-legacy-provider ./node_modules/.bin/next start"
}In Dockerfile:
FROM node:18-alpine
ENV NODE_OPTIONS="--openssl-legacy-provider"
EXPOSE 3000
WORKDIR /app
COPY ./frontend/package.json .
RUN npm install
COPY ./frontend .
COPY ./images .
CMD ["npm", "start"]Security Note
Using the legacy OpenSSL provider is a temporary workaround and not recommended for production, as older encryption algorithms may have security vulnerabilities.
2. Downgrade Node.js Version
Switch to Node.js version 16.x, which uses OpenSSL 1.1.1 and doesn't have this compatibility issue:
# Using nvm (Node Version Manager)
nvm install 16
nvm use 16
# Or specify in Dockerfile
FROM node:16-alpine3. Update Your Dependencies
Sometimes simply updating your packages can resolve the issue:
npm update
# or
yarn updateRecommended Approach
For production environments, the safest approach is to:
- Use Node.js 16.x for projects with compatibility issues
- Gradually update your tooling to support modern OpenSSL standards
- Avoid the legacy provider flag in production when possible
Framework-Specific Solutions
React.js
Update your scripts in package.json to include the OpenSSL legacy flag with react-scripts.
Next.js
Use the explicit node command with the legacy provider flag as shown in the code examples above.
Angular
Check Angular version compatibility with your Node.js version and consider downgrading Node.js if using older Angular versions.
Conclusion
The OpenSSL digital envelope error is a compatibility issue between Node.js versions 17+ and legacy build tools. While the temporary fixes work, the long-term solution involves updating your development stack to support modern cryptographic standards or maintaining compatibility with appropriate Node.js versions.
For ongoing issues, check the Node.js release notes and the Create React App issue tracker for updates.