If you’re facing the Node.js error 0308010C while running a Webpack or React project, you’re not alone. This common OpenSSL issue appears in Node 17+ and newer versions due to updated encryption routines. In this guide, you’ll learn exactly why this happens and how to fix it quickly on Windows, macOS, and Linux.
Node.js Error 0308010C occurs due to changes in OpenSSL handling in newer Node.js versions. It often happens when Webpack or other tools use outdated crypto algorithms or configurations. This error typically appears after upgrading Node.js to v17 or later, as default security policies became more restrictive.
To fix Node.js Error 0308010C in Webpack, update your Webpack version and dependencies. You can also add the flag --openssl-legacy-provider while running build commands:node --openssl-legacy-provider node_modules/webpack/bin/webpack.js.
This enables older crypto algorithms, ensuring compatibility until full upgrades are completed.
A permanent fix for Node.js Error 0308010C involves updating your project’s Webpack, React scripts, and dependencies to the latest versions that fully support new OpenSSL standards. Avoid relying on the legacy provider flag. Ensure your Node.js version and crypto configurations align with the latest security updates.
Error: error:0308010C:digital envelope routines::unsupport
at new Hash (node:internal/crypto/hash:67:19)
at Object.createHash (node:crypto:130:10at module.exports (/Users/itquestionanswer/WebServer/untitled/node_modules/webpack/lib/util/createHash.js:135:53)
at NormalModule._initBuildHash (/Users/itquestionanswer/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:417:16)
at handleParseError (/Users/itquestionanswer/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:471:10)
at /Users/itquestionanswer/node_modules/webpack/lib/NormalModule.js:503:5
at /Users/itquestionanswer/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:358:12
at /Users/itquestionanswer/WebServer/untitled/node_modules/loader-runner/lib/LoaderRunner.js:373:3
at iterateNormalLoaders (/Users/itquestionanswer/WebServer/untitled/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
at iterateNormalLoaders (/Users/itquestionanswer/WebServer/untitled/node_modules/loader-runner/lib/LoaderRunner.js:221:10)
/Users/itquestionanswer/WebServer/untitled/node_modules/react-scripts/scripts/start.js:19
throw err; first download and install nvm, click here to download nvm-windows.
Install the Node.js version that you want.
nvm install 18 3. Change your Node.js version
nvm use 18 4. Check the Node.js versions installed
nvm list Set the NODE_OPTIONS environment variable to –openssl-legacy-provider. To do this, open your terminal and run the below command:
export NODE_OPTIONS=--openssl-legacy-provider Note: this command also used for Linux or Windows Git Bash
If you are seeing crypto errors, like digital envelope routines::unsupported, then it is probably a sign that your version of Node.js doesn’t align with your build tools. JavaScript frameworks tend to receive updates quite frequently, and thus, you should ensure that your packages are up-to-date. Make sure to review that changelog and test your project(s) locally when upgrading Node.js before deploying to production.
While it won’t always apply, it never hurts to also include a .nvmrc file to your projects. This simple file tells whoever clones your project what version of Node should be used, which helps help maximize consistency in user environments. All in all, it helps mitigate the chance of OpenSSL and/or build issues.
If you are utilizing CI/CD pipelines, pay extra mind that your build server also utilizes the same version of Node that you are locally. It doesn’t take a large version difference to break a build, even just one minor version. Consider discontinuing use of older Webpack settings or pre-existing sha crypto libraries. There may be a benefit not only from compatibility, but there can be improved perfomance and security in newer libraries.
For more detailed guides on solving Node.js and Webpack issues, visit IT Question Answer — your trusted source for web development insights.