Node.js error code `ERR_OSSL_EVP_UNSUPPORTED`

February 12, 2024 · 2 min read

TL;DR

Problem

Error in Node.js output

Error: error:0308010C:digital envelope routines::unsupported

Easiest solution

Create a .npmrc file in the root of the project (same location as your package.json file) with following contents:

node-options="--openssl-legacy-provider"

The problem

This problem typically occurs in projects that were developed with Node.js version 16 and earlier, and then run in version 17 or later. It is a result of Node.js version 17 using OpenSSL 3.0.

The problem has to do with deprecated SSL connection options in Node.js versions 17 or later.

The solution

There are several solutions to this issue.

Like many computer problems, there is the quick fix solution that "solves" the problem by making the error message go away (treating the symptom), and there is the "correct" solution that addresses the root cause (treating the root cause).

The quickfix

This solution makes the problem go away by telling Node not to reject the weaker connection.

This is done by setting the environment variable like so:

export NODE_OPTIONS=--openssl-legacy-provider

As an alternative, the environment variable can be specified as a prefix to the npm command:

NODE_OPTIONS=--openssl-legacy-provider npm run dev

The "permanent" quickfix

One nifty alternative is to create a .npmrc file with the following contents:

I like this option because this file can be committed into version control and solve the problem "permanently".

The right solution

The "right" solution is to update the application or packages. The error occurs because the application or a module in the application is using an algorithm or key that is not supported by OpenSSL 3.0 by default.

Caveats

The main issue with the quick fix solution is that it overrides the stronger security safeguards imposed by newer versions of Node.js

Normally this is a bad idea. However, there is a use case where this isn't a problem. And that is to generate static websites. For this use case, Node.js is only used to generate the static web pages (i.e. HTML, CSS and client-side JS) and not used in production. Thus, it is not a concern if it uses a weaker connection since it is never used in production.

A practical scenario is the use of Nuxt to generate static websites and then host the sites using a Web server like NGINX or Caddy Web Server.

TL;DR​

Problem​

Easiest solution​

The problem​

The solution​

The quickfix​

The "permanent" quickfix​

The right solution​

Caveats​