155

I'm having an issue with a Webpack build process that suddenly broke, resulting in the following error...

<s> [webpack.Progress] 10% building 0/1 entries 0/0 dependencies 0/0 modules
node:internal/crypto/hash:67
  this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at BulkUpdateDecorator.hashFactory (/app/node_modules/webpack/lib/util/createHash.js:155:18)
    at BulkUpdateDecorator.update (/app/node_modules/webpack/lib/util/createHash.js:46:50)
    at OriginalSource.updateHash (/app/node_modules/webpack-sources/lib/OriginalSource.js:131:8)
    at NormalModule._initBuildHash (/app/node_modules/webpack/lib/NormalModule.js:888:17)
    at handleParseResult (/app/node_modules/webpack/lib/NormalModule.js:954:10)
    at /app/node_modules/webpack/lib/NormalModule.js:1048:4
    at processResult (/app/node_modules/webpack/lib/NormalModule.js:763:11)
    at /app/node_modules/webpack/lib/NormalModule.js:827:5 {
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
command terminated with exit code 1

I've tried googling ERR_OSSL_EVP_UNSUPPORTED webpack which yielded almost no useful results, but it did highlight an issue using MD4 as provided by OpenSSL (which is apparently deprecated?) to generate hashes.

The webpack.config.js code is as follows:

const path = require('path');
const webpack = require('webpack');

/*
 * SplitChunksPlugin is enabled by default and replaced
 * deprecated CommonsChunkPlugin. It automatically identifies modules which
 * should be splitted of chunk by heuristics using module duplication count and
 * module category (i. e. node_modules). And splits the chunks…
 *
 * It is safe to remove "splitChunks" from the generated configuration
 * and was added as an educational example.
 *
 * https://webpack.js.org/plugins/split-chunks-plugin/
 *
 */

/*
 * We've enabled TerserPlugin for you! This minifies your app
 * in order to load faster and run less javascript.
 *
 * https://github.com/webpack-contrib/terser-webpack-plugin
 *
 */

const TerserPlugin = require('terser-webpack-plugin');

module.exports = {
    mode: 'development',
    entry: './src/js/scripts.js',

    output: {
        path: path.resolve(__dirname, 'js'),
        filename: 'scripts.js'
    },

    devtool: 'source-map',

    plugins: [new webpack.ProgressPlugin()],

    module: {
        rules: []
    },

    optimization: {
        minimizer: [new TerserPlugin()],

        splitChunks: {
            cacheGroups: {
                vendors: {
                    priority: -10,
                    test: /[\\/]node_modules[\\/]/
                }
            },

            chunks: 'async',
            minChunks: 1,
            minSize: 30000,
            name: 'true'
        }
    }
};

How do I change the hashing algorithm used by Webpack to something else?

Jan
  • 7,018
  • 5
  • 43
  • 70
Ryan Brownell
  • 2,021
  • 2
  • 3
  • 8

12 Answers12

160

I was able to fix it via:

export NODE_OPTIONS=--openssl-legacy-provider

sachaw's comment to Node.js v17.0.0 - Error starting project in development mode #30078

But they say they fixed it: ijjk's comment to Node.js v17.0.0 - Error starting project in development mode #30078:

Hi, this has been updated in v11.1.3-canary.89 of Next.js, please update and give it a try!

For me, it worked only with the annotation above.

I also want to point out that npm run start works with -openssl-legacy-provider, but npm run dev won't.

It seems that there is a patch: Node.js 17: digital envelope routines::unsupported #14532

I personally downgraded to 16-alpine.

Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Jan
  • 7,018
  • 5
  • 43
  • 70
129

I had this problem too. I'd accidentally been running on the latest Node.js (17.0 at time of writing), not the LTS version (14.18) which I'd meant to install. Downgrading my Node.js install to the LTS version fixed the problem for me.

Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Benjamin Hodgson
  • 40,784
  • 15
  • 106
  • 151
37

There is a hashing algorithm that comes with Webpack v5.54.0+ that does not rely on OpenSSL.

To use this hash function that relies on a npm-provided dependency instead of an operating system-provided dependency, modify the webpack.config.cjs output key to include the hashFunction: "xxhash64" option.

module.exports = {
    output: {
        hashFunction: "xxhash64"
    }
};
Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Ryan Brownell
  • 2,021
  • 2
  • 3
  • 8
25

Ryan Brownell's answer is the ideal solution if you are using Webpack v5.54.0+.

If you're using an older version of Webpack, you can still solve this by changing the hash function to one that is not deprecated. (It defaults to the ancient md4, which OpenSSL has removed support for, which is the root cause of the error.) The supported algorithms are any supported by crypto.createHash. For example, to use SHA-256:

module.exports = {
    output: {
        hashFunction: "sha256"
    }
};

Finally, if you are unable to change the Webpack configuration (e.g., if it's a transitive dependency which is running Webpack), you can enable OpenSSL's legacy provider to temporarily enable MD4 during the Webpack build. This is a last resort. Create a file openssl.cnf with this content…

openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

…and then set the environment variable OPENSSL_CONF to the path to that file when running Webpack.

jbg
  • 4,195
  • 1
  • 22
  • 30
  • 4
    Turns out that the `hashFunction` fix can help. but it might be insufficient: the ConcatenatedModule optimizer in Webpack 4.x [hardcodes the use of MD4](https://github.com/webpack/webpack/blob/3956274f1eada621e105208dcab4608883cdfdb2/lib/optimize/ConcatenatedModule.js#L563), so if your build process uses it, you might need to go the `openssl.cnf` route. I think this might be the general case for Vue CLI 4.x projects. – Peter Oct 21 '21 at 15:23
  • worked like a charm! – Jack Feb 20 '22 at 05:02
16

It is not my answer really, but I found this workaround /hack/ to fix my problem Code Check in for a GitHub project... see the bug comments here.

I ran into ERR_OSSL_EVP_UNSUPPORTED after updating with npm install.

I added the following to node_modules\react-scripts\config\webpack.config.js

const crypto = require("crypto");
const crypto_orig_createHash = crypto.createHash;
crypto.createHash = algorithm => crypto_orig_createHash(algorithm == "md4" ? "sha256" : algorithm);

I tried Ryan Brownell's solution and ended up with a different error, but this worked...

Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Cheshiremoe
  • 270
  • 2
  • 12
  • 1
    This worked fine for me in Webpack4. I'm bouncing between 12LTS / 17 and this is a big time saver. – Daniel B. Chapman Oct 23 '21 at 23:34
  • This should be the accepted answer in 2021. Thank you for describing the folder location of the file as well. It solved my issue. I had previously tried the solution that exports variables to the environment and it caused VSCode to no longer load. So this solves it without globally compromising other programs. – Terry Nov 05 '21 at 15:57
  • Thank you very much this fix worked! – joekevinrayan96 Dec 21 '21 at 14:44
15

This error is mentioned in the release notes for Node.js 17.0.0, with a suggested workaround:

If you hit an ERR_OSSL_EVP_UNSUPPORTED error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A command-line option, --openssl-legacy-provider, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions.

Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Patrik Erdes
  • 177
  • 6
6

I ran into this issue using Laravel Mix (Webpack) and was able to fix it within file package.json by adding in the NODE_OPTIONS=--openssl-legacy-provider (referenced in Jan's answer) to the beginning of the script:

package.json:

{
  "private": true,
  "scripts": {
    "production": "cross-env NODE_ENV=production NODE_OPTIONS=--openssl-legacy-provider  node_modules/webpack/bin/webpack.js --progress --hide-modules --config=node_modules/laravel-mix/setup/webpack.config.js"
  },
  "dependencies": {
    ...
  }
}
Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
plabbett
  • 61
  • 3
6

Try upgrading your Webpack version to 5.62.2.

Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Ashiq Mohamed
  • 61
  • 1
5

I had the same problem with my Vue.js project and I solved it.

macOS and Linux

  1. You should have installed NVM (Node Version Manager). If you never had before, just run this command in your terminal:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash

  1. Open your project

  2. Open the terminal in your project

  3. Run the command nvm install 16.13.0 or any older version

  4. After the installation is completed, run nvm use 16.13.0

Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
developer1996
  • 718
  • 2
  • 12
  • 21
4

This means that you have the latest Node.js version. If you are using it for Docker then you need to change the image from

FROM node

to

FROM node:14
Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
abdullah gharbain
  • 119
  • 4
2

I faced the same challenge but you just need to downgrade node.js to version 16.13 and everything works well. Download LTS not current on https://nodejs.org/en/download/

grace mutore
  • 21
  • 1
1

I faced the same problem in a project I developed with Next.js. For the solution, I ran the project as follows and I solved the problem.

cross-env NODE_OPTIONS='--openssl-legacy-provider' next dev
Peter Mortensen
  • 30,030
  • 21
  • 100
  • 124
Deniz Dizi
  • 11
  • 1