Matthew C.
—When running your Next.js app, you may get the following error:
Error: error:0308010C:digital envelope routines::unsupported
This error is caused by the version 17 release of Node.js, which added OpenSSL 3.0 to provide cryptographic functions for secure data transmission and storage. You’ll get this error if your application, or a library module in your application, attempts to use an algorithm or key size that is prohibited by default. OpenSSL 3.0 has stronger restrictions on the allowed algorithms and key sizes used.
The following line of code in a server component or API route will cause the error:
import crypto from "crypto"; const hash = crypto.createHash("md4");
Use one of the algorithms allowed by OpenSSL 3.0. For example:
import crypto from "crypto"; const hash = crypto.createHash("SHA256");
The Node crypto
library provides cryptographic functionality and uses OpenSSL’s hash, HMAC, cipher, decipher, sign, and verify functions. The hashing algorithm "md4"
is an algorithm that is not allowed by default with OpenSSL 3.0; it’s part of the OpenSSL list of legacy algorithms. These algorithms are considered legacy as they are considered less secure by the cryptography community.
Webpack may also cause this error. The Webpack configuration output.hashFunction
uses the "md4"
hashing algorithm. Note that this error won’t be an issue with future versions of Next.js as they will soon use Turbopack, which is currently in beta, instead.
Node.js 17 also introduced a new --openssl-legacy-provider
command-line option that allows you to use legacy algorithms as a temporary workaround for this error.
If you are using Webpack and your Webpack version is v5.54.0+, you can change the output.hashFunction
to the faster "xxhash64"
algorithm, which will be used as a default when the config option experiments.futureDefaults
is enabled. If you use Webpack v4, try the "sha256"
or "sha512"
algorithms.
If possible, update to the latest version of Next.js to avoid issues with older versions of Node.
Tasty treats for web developers brought to you by Sentry. Get tips and tricks from Wes Bos and Scott Tolinski.
SEE EPISODESConsidered “not bad” by 4 million developers and more than 100,000 organizations worldwide, Sentry provides code-level observability to many of the world’s best-known companies like Disney, Peloton, Cloudflare, Eventbrite, Slack, Supercell, and Rockstar Games. Each month we process billions of exceptions from the most popular products on the internet.