Error message "error:0308010C:digital envelope routines::unsupported"

  1. Downgrade Node.js to v16 (Not recommended)
  2. Tell Node to use the legacy OpenSSL provider

Today when I was trying to start a Node script, I had the following error:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:68:19)
    at Object.createHash (node:crypto:138:10)
    at module.exports (E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\webpack\lib\util\createHash.js:90:53)
    at NormalModule._initBuildHash (E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\webpack\lib\NormalModule.js:401:16)
    at E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\webpack\lib\NormalModule.js:433:10
    at E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\webpack\lib\NormalModule.js:308:13
    at E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\loader-runner\lib\LoaderRunner.js:367:11
    at E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\loader-runner\lib\LoaderRunner.js:233:18
    at context.callback (E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\loader-runner\lib\LoaderRunner.js:111:13)
    at E:\projects\react--bootstrap-ribbon-helmet-basic-example\node_modules\react-scripts\node_modules\babel-loader\lib\index.js:51:103 {
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Node.js v20.11.1
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

The error comes from a dependency relying on an obsolete version of SSL, so you have a couple of options:

  1. Downgrade to Node.js v16.
  2. Tell Node to use the legacy OpenSSL provider

You can downgrade Node itself so that you’re using a version that uses the old, insecure, version of LibSSL. That doesn’t “solve” the problem of running insecure and potentially exploitable code, of course, but your code will at least run.

(You can either do that using the official Node installers, or you can use something like nvm. For Windows, use nvm-windows.)

Tell Node to use the legacy OpenSSL provider

In your package.json: change this line

1
"start": "react-scripts start"

to

1
"start": "react-scripts --openssl-legacy-provider start"

Sources: