Next.js Error: error:0308010C:digital envelope routines::unsupported
Matthew C.
—The Problem
When running your Next.js app, you may get the following error:
Error: error:0308010C:digital envelope routines::unsupported
This error is caused by the version 17 release of Node.js, which added OpenSSL 3.0 to provide cryptographic functions for secure data transmission and storage. You’ll get this error if your application, or a library module in your application, attempts to use an algorithm or key size that is prohibited by default. OpenSSL 3.0 has stronger restrictions on the allowed algorithms and key sizes used.
The following line of code in a server component or API route will cause the error:
import crypto from "crypto"; const hash = crypto.createHash("md4");
The Solution
Use one of the algorithms allowed by OpenSSL 3.0. For example:
import crypto from "crypto"; const hash = crypto.createHash("SHA256");
The Node crypto library provides cryptographic functionality and uses OpenSSL’s hash, HMAC, cipher, decipher, sign, and verify functions. The hashing algorithm "md4" is an algorithm that is not allowed by default with OpenSSL 3.0; it’s part of the OpenSSL list of legacy algorithms. These algorithms are considered legacy as they are considered less secure by the cryptography community.
Webpack may also cause this error. The Webpack configuration output.hashFunction uses the "md4" hashing algorithm. Note that this error won’t be an issue with future versions of Next.js as they will soon use Turbopack, which is currently in beta, instead.
Node.js 17 also introduced a new --openssl-legacy-provider command-line option that allows you to use legacy algorithms as a temporary workaround for this error.
If you are using Webpack and your Webpack version is v5.54.0+, you can change the output.hashFunction to the faster "xxhash64" algorithm, which will be used as a default when the config option experiments.futureDefaults is enabled. If you use Webpack v4, try the "sha256" or "sha512" algorithms.
If possible, update to the latest version of Next.js to avoid issues with older versions of Node.
- Sentry BlogCommon Errors in Next.js and How to Resolve Them
- Community SeriesDebug Next.js with Sentry
- ResourcesJavaScript Frontend Error Monitoring 101
- Syntax.fmListen to the Syntax Podcast
- Listen to the Syntax Podcast
![Syntax.fm logo]()
Tasty treats for web developers brought to you by Sentry. Get tips and tricks from Wes Bos and Scott Tolinski.
SEE EPISODES
Considered “not bad” by 4 million developers and more than 100,000 organizations worldwide, Sentry provides code-level observability to many of the world’s best-known companies like Disney, Peloton, Cloudflare, Eventbrite, Slack, Supercell, and Rockstar Games. Each month we process billions of exceptions from the most popular products on the internet.
A peek at your privacy
Here’s a quick look at how Sentry handles your personal information (PII).
×Who we collect PII from
We collect PII about people browsing our website, users of the Sentry service, prospective customers, and people who otherwise interact with us.
What if my PII is included in data sent to Sentry by a Sentry customer (e.g., someone using Sentry to monitor their app)? In this case you have to contact the Sentry customer (e.g., the maker of the app). We do not control the data that is sent to us through the Sentry service for the purposes of application monitoring.
Am I included?PII we may collect about you
- PII provided by you and related to your
- Account, profile, and login
- Requests and inquiries
- Purchases
- PII collected from your device and usage
- PII collected from third parties (e.g., social media)
How we use your PII
- To operate our site and service
- To protect and improve our site and service
- To provide customer care and support
- To communicate with you
- For other purposes (that we inform you of at collection)
Third parties who receive your PII
We may disclose your PII to the following type of recipients:
- Subsidiaries and other affiliates
- Service providers
- Partners (go-to-market, analytics)
- Third-party platforms (when you connect them to our service)
- Governmental authorities (where necessary)
- An actual or potential buyer
We use cookies (but not for advertising)
- We do not use advertising or targeting cookies
- We use necessary cookies to run and improve our site and service
- You can disable cookies but this can impact your use or access to certain parts of our site and service
Know your rights
You may have the following rights related to your PII:
- Access, correct, and update
- Object to or restrict processing
- Port over
- Opt-out of marketing
- Be forgotten by Sentry
- Withdraw your consent
- Complain about us
If you have any questions or concerns about your privacy at Sentry, please email us at compliance@sentry.io.
If you are a California resident, see our Supplemental notice.