This article explains how to fix an annoying error – somewhat along the lines of “error:0308010C:digital envelope routines::unsupported” – you might encounter when running node scripts. This might happen in a pipeline or locally. And guess what: you can probably fix it.
Alright. Let’s get to it, then!
Problem
So I still get to code something occasionally (despite being a part of the cursed middle management now), and not a week goes by without yours truly breaking the build (or the build environment, or the dev environment)!
When running a node build script (for your reference – this can be a command something like “npm run build” or “npm run serve”, and the actual tool and command to execute is likely defined in a package.json file).
ModuleBuildError: Module build failed (from ./node_modules/babel-loader/lib/index.js):
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:69:19)
at Proxy.createHash (node:crypto:138:10)
at filename (C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\cache.js:94:23)
at C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\cache.js:122:39
at Generator.next (<anonymous>)
at asyncGeneratorStep (C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\cache.js:3:103)
at _next (C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\cache.js:5:194)
at C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\cache.js:5:364
at new Promise (<anonymous>)
at C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\cache.js:5:97
at processResult (C:\code\Contoso\AdventureWorks.Web\node_modules\webpack\lib\NormalModule.js:751:19)
at C:\code\Contoso\AdventureWorks.Web\node_modules\webpack\lib\NormalModule.js:853:5
at C:\code\Contoso\AdventureWorks.Web\node_modules\loader-runner\lib\LoaderRunner.js:400:11
at C:\code\Contoso\AdventureWorks.Web\node_modules\loader-runner\lib\LoaderRunner.js:252:18
at context.callback (C:\code\Contoso\AdventureWorks.Web\node_modules\loader-runner\lib\LoaderRunner.js:124:13)
at C:\code\Contoso\AdventureWorks.Web\node_modules\babel-loader\lib\index.js:55:103
If you run into this in a Docker container build step in your CI pipeline, it might look somewhat like below:
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:71:19)
at Object.createHash (node:crypto:133:10)
at module.exports (/app/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/app/node_modules/webpack/lib/NormalModule.js:417:16)
at /app/node_modules/webpack/lib/NormalModule.js:452:10
at /app/node_modules/webpack/lib/NormalModule.js:323:13
at /app/node_modules/loader-runner/lib/LoaderRunner.js:367:11
at /app/node_modules/loader-runner/lib/LoaderRunner.js:233:18
at context.callback (/app/node_modules/loader-runner/lib/LoaderRunner.js:111:13)
at /app/node_modules/babel-loader/lib/index.js:59:103 {
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
Alright. So that’s the error.
What gives?
Reason
Node has, from version 17 onwards, moved to OpenSSL 3, in favor of OpenSSL 1.1.1 used in earlier versions. And for a good reason, too – OpenSSL 1.1.1 is unsupported as of 11.9.2023.
OpenSSL 3 being a major update means it is also not completely backwards compatible.
If your build toolchain is relying on OpenSSL 1.1.1, but your node version is >=17, you might run into all kinds of oddities. Just like I did.
Solution
There’s a few different things you can do. And some of them work for some toolchains and build pipelines, and the others work for different ones. So let’s take a look at our options.
Time needed: 20 minutes
How to fix “error:0308010C:digital envelope routines::unsupported”?
- Add environment variable to force Node to use legacy provider
This might be the least invasive option – try adding an environment variable called “NODE_OPTIONS” (if you don’t have one already) with a value “–openssl-legacy-provider” (or concatenate it if a property already existed.
Or you can add it to your .env file:NODE_OPTIONS="--openssl-legacy-provider"
Didn’t work? No worries, that was just the first thing to try! - Upgrade your build chain
So your tools or dependencies might secretly (or openly) be using some cryptographic functions that OpenSSL 3 does not support anymore.
Probably the most kosher way to fix this is to actually go through your build steps and tools and make sure you’re only using updated dependencies and nothing relies on years-old versions of OpenSSL.
But if you don’t have the time to do all that now… More options below: - If you’re running react-scripts, add
--openssl-legacy-provider
parameterIf react-scripts is what you’re running for your build, it has a built-in parameter to switch to using the 1.1.1 version under the hood.
Again – this is an unsupported OpenSSL version. But if it fixes the build now…react-scripts --openssl-legacy-provider build
Well, and then the most extreme (and not super strongly recommended) but easy option… - Downgrade your node
Another option is to downgrade your node version to <17.0.0. You should probably not do that, because OpenSSL 1.1.1 is now unsupported.
But… It might fix your build for now, without you having to work through the dependencies of your build tooling.
So using nvm or by deleting your new node version and reinstalling an older one, use node 16 or older.
My particular project had a particular build toolchain that had some weird dependencies that did not support OpenSSL 3 – so I ended up temporarily downgrading node using nvm. I actually had to go all the way to node v14.16.0, by running this:
nvm use 14.16.0
I figured our tooling for newer projects actually supports OpenSSL 3 properly, but this was a… Well, let’s call it a “legacy project”. We all have some skeletons in the closet… :)
References
- winget is broken again. - October 1, 2024
- How to fix PowerToys FancyZones in Windows 11? - September 24, 2024
- How to export the whole SSL (or TLS) certificate chain based on the original using PowerShell? - September 17, 2024