If you’re working with Node.js and suddenly run into the error Error:0308010c:digital envelope routines::unsupported, you’re not alone. This OpenSSL-related issue often appears when running projects built with tools like Webpack, React, or Next.js – especially on newer versions of Node.js. The error can be confusing at first glance, but the root cause is straightforward: a mismatch between Node.js’s updated cryptography settings and dependencies that still rely on older methods. In this guide, we’ll break down why this happens and walk you through the most effective fixes.
I remember this error, as I got it many times while working on the React. This is one the reasons I choose to write fixing guide based on my own experience and research.
From below table of content, you can jump to any relevant section:
Fixing Error:0308010c:digital envelope routines::unsupported
Here is the complete guide to fix this error. Let’s first understand the basics of this error. This way we will go into the deep to understand it. Then we will go through its solution along with some ways to prevent it in the future. Let’s get started…
What Is Error:0308010c in Node.js?
The error message Error:0308010c:digital envelope routines::unsupported may look like gibberish at first, but it’s really a signal from Node.js telling you that a cryptographic operation it tried to run is no longer supported. In plain terms, Node.js asked OpenSSL (its underlying security library) to perform an encryption or hashing task, but OpenSSL refused because the method is outdated.
The phrase “digital envelope routines” refers to OpenSSL’s internal functions that handle encryption and decryption. Starting from Node.js 17, OpenSSL was upgraded with stricter defaults, which disabled older, less secure algorithms. That’s why tools and packages built on these older methods suddenly break, even though your own code may have nothing to do with cryptography.
For example, imagine you’re running a React app with Webpack 4 on Node.js 18. Everything worked fine on Node.js 16, but when you upgrade and run:
npm startyou might immediately see the error flood your terminal. The issue isn’t React itself – it’s Webpack relying on a crypto function that Node.js 18 no longer allows. This same scenario often happens in Next.js builds, custom Webpack setups, or even simple CLI commands like
npm run buildIn short, the error usually means:
- Your Node.js version is ahead of what your toolchain supports.
- A dependency (like Webpack, React Scripts, or Next.js) is still using a legacy crypto function.
Similar compatibility issues can also appear when working with modern Node.js module systems, such as the ReferenceError: __dirname is not defined in ES module scope, which happens due to differences between CommonJS and ES Modules.
Why Does This Error Occur?
The root cause of Error:0308010c:digital envelope routines::unsupported lies in a mismatch between Node.js versions and the cryptographic methods used by some of your project’s dependencies.
Starting with Node.js 17, the platform adopted OpenSSL 3.0, which introduced stricter rules around encryption. Many legacy algorithms and functions that were considered insecure were either disabled or completely removed. While this was a big step forward for security, it also meant that older tools – especially build systems like Webpack 4 or frameworks relying on it – suddenly started breaking.
Here’s what happens under the hood:
- Your build tool (e.g., Webpack, Next.js, or React Scripts) calls a crypto function to hash or encrypt something.
- That function worked fine in Node.js 16 (which used OpenSSL 1.1.1).
- In Node.js 17+, the same function is now unsupported, so OpenSSL throws the error.
That’s why the error message specifically mentions “digital envelope routines” – those are the OpenSSL functions that Node.js is trying (and failing) to use.
In practical terms, the error is not caused by your code. Instead, it’s a compatibility issue between your Node.js runtime and the versions of your dependencies. This is why the problem shows up so often in projects that haven’t upgraded Webpack, Babel, or framework versions to align with modern Node.js releases.
You may also run into related module compatibility errors like Cannot use import statement outside a module in NodeJS, especially when upgrading Node.js or mixing different module formats.
Common Scenarios Where This Error Appears
This problem shows up most often in everyday development workflows, especially when working with popular JavaScript frameworks and bundlers. Here are the most common situations where developers run into it:
1. Running a React or Next.js Development Server
If you’re building a frontend app and run npm start or npm run dev, the error can appear right away. This happens because React Scripts or Next.js rely on Webpack under the hood, and older Webpack versions still use crypto methods no longer supported in Node.js 17+.
2. Building a Project with Webpack
Projects that depend on Webpack 4 or early Webpack 5 releases often fail during npm run build. The bundler internally uses hashing for modules and assets, which triggers the unsupported cryptography calls.
3. Upgrading Node.js Without Updating Dependencies
Many developers upgrade to Node.js 18 or 20 for performance and security benefits, only to find their existing apps suddenly break. If the project’s dependencies haven’t been updated to support the new Node.js runtime, this error is one of the first blockers you’ll see.
4. Continuous Integration (CI) or Deployment Environments
You might not see the error locally but encounter it on servers that default to newer Node.js versions. For example, deploying a Next.js app to a platform like Vercel or Netlify can trigger the issue if your local machine runs Node.js 16 but the server uses Node.js 18.
If you’re deploying on cloud platforms, you may also encounter environment-specific issues. This guide on Common DigitalOcean deployment errors and fixes covers several real-world Node.js deployment problems.
How to Fix Error:0308010c:digital envelope routines::unsupported
The good news is that this error has multiple solutions, depending on whether you want a quick fix or a long-term stable setup. Below are the most effective approaches.
1. Switch to Node.js 16 LTS (Most Reliable Fix for Error:0308010c:digital envelope routines::unsupported)
The simplest and most stable solution is to use Node.js 16 LTS, which still supports the older OpenSSL functions. Since most packages are fully compatible with Node.js 16, this avoids the error altogether.
Steps with NVM (Node Version Manager):
nvm install 16
nvm use 16If you’re not using NVM, you can download Node.js 16 directly from the official Node.js website.
This is the best fix if you want stability in production or CI environments.
2. Use the OpenSSL Legacy Provider Flag
If downgrading Node.js isn’t an option, you can enable OpenSSL’s legacy provider, which reactivates the older algorithms.
Linux / macOS:
export NODE_OPTIONS=--openssl-legacy-provider
npm startWindows (PowerShell):
setx NODE_OPTIONS "--openssl-legacy-provider"
npm startThis tells Node.js to allow the older crypto methods again. It’s quick, but should be treated as a temporary workaround, not a permanent fix.
3. Update Your Dependencies (Webpack, React, Next.js)
Long term, the real fix is to bring your toolchain up to date. Newer versions of Webpack, React Scripts, and Next.js have already adapted to Node.js 17+ and OpenSSL 3.
- Update Webpack to v5.61+
- Update Next.js to the latest release
- Update React Scripts (or switch to Vite if migrating)
npm install webpack@latest
npm install next@latest
npm install react-scripts@latestThis ensures your project works on newer Node.js versions without relying on legacy crypto.
4. Edit Package Scripts for a Quick Fix of Error:0308010c:digital envelope routines::unsupported
If you can’t upgrade right away, you can modify your project’s package.json scripts to always include the OpenSSL flag.
"scripts": {
"start": "NODE_OPTIONS=--openssl-legacy-provider react-scripts start",
"build": "NODE_OPTIONS=--openssl-legacy-provider react-scripts build"
}
This way, every time you run your dev server or build process, the flag is applied automatically.
Please note: Use Option 2 or 4 for short-term fixes while planning Option 3 (updating dependencies) for a long-term solution.
Best Practices to Prevent Error:0308010c:digital envelope routines::unsupported
Fixing the error once is good, but preventing it from coming back is even better. Since the root cause lies in mismatched Node.js versions and outdated dependencies, a few proactive habits can save you from running into Error:0308010c:digital envelope routines::unsupported again.
1. Stick to Node.js LTS Versions for Production
The Long-Term Support (LTS) releases of Node.js are designed for stability. Running your apps on LTS (such as Node.js 16, 18, or 20) ensures you avoid breaking changes introduced in experimental versions. Unless you need cutting-edge features, LTS is the safest choice.
2. Keep Dependencies Updated Regularly
Most modern frameworks and build tools release frequent updates to stay compatible with new Node.js versions. Running commands like:
npm outdated
npm updatehelps you catch and upgrade outdated packages before they cause errors.
3. Monitor Release Notes for Node.js and Frameworks
Every Node.js release comes with detailed notes highlighting security and cryptography changes. Skimming through these before upgrading can help you anticipate issues. Similarly, keep an eye on Webpack, Next.js, or React’s changelogs.
4. Use Version Managers for Flexibility
Tools like nvm (Node Version Manager) or n make it easy to switch between Node.js versions. This is especially useful if you work on multiple projects that need different environments.
5. Test in Staging Before Upgrading
If you’re deploying apps, always test new Node.js versions in a staging environment first. That way, you’ll catch errors like this before they hit production.
Following these practices not only prevents this specific error but also helps you maintain a more stable and secure development workflow overall.
Conclusion
The Error:0308010c:digital envelope routines::unsupported in Node.js may look complicated, but it really comes down to a compatibility gap between modern Node.js versions and older build tools. The good news is that it’s easy to fix once you know what’s happening.
If you need a quick solution, using the OpenSSL legacy provider flag or switching back to Node.js 16 LTS will get your project running again. For long-term stability, the best approach is to update Webpack, React, Next.js, or other dependencies so they work smoothly with the latest Node.js releases.
By combining short-term fixes with good practices – like sticking to LTS versions, updating dependencies regularly, and testing upgrades in staging – you can avoid this error in the future and keep your development workflow secure and reliable.
In short: don’t panic when you see Error:0308010c. With the steps in this guide, you’ll be able to resolve it quickly and get back to building your app.
If you are not able to fix it and are still getting it, please comment. I will try to reply ASAP. Happy coding… 🙂
Ankit Kumar is a senior software engineer with 8+ years of experience working on production web applications using React, Angular, Node.js, SAP UI5, and JavaScript. He writes technical articles covering frontend, backend, and server-side topics, with a focus on real-world production issues and performance optimization.
