In this tutorial, I will show you how to fix the error: error:0308010C:digital envelope routines::unsupported.
Once I created a default IntelliJ IDEA React project, I came across that error.
Solution 1: By downgrading Node.js version
Option 1: Downgrade to Node.js v16
a. Reinstall the LTS version of Node.js from the official website.
b. Or, use nvm (Node Version Manager). For Windows, consider nvm-windows.
Option 2: Enable legacy OpenSSL provider
a. On Unix-like systems (Linux, macOS, Git bash, etc.): export NODE_OPTIONS=--openssl-legacy-provider
b. On Windows command prompt: set NODE_OPTIONS=--openssl-legacy-provider
c. On PowerShell: $env:NODE_OPTIONS = "--openssl-legacy-provider"
Solution 2: Updating OpenSSL Provider in React Project
Steps:
- Locate your
package.jsonfile in the root directory of your React project. - Look for the “scripts” section within the
package.jsonfile. - Find the line that starts with
"start": "react-scripts start". - Update it to the following:jsonCopy code
"start": "react-scripts --openssl-legacy-provider start"This change adds the--openssl-legacy-providerflag to thereact-scripts startcommand. - Save the
package.jsonfile.
Now, when you run the npm start command, it will use the --openssl-legacy-provider flag with react-scripts start. This may be necessary if you encounter compatibility issues related to OpenSSL in your React project.
But there is something we should know before we jump into the previous solution.
Read these carefully:
Danger: Addressing SSL Security Risks in Node.js v17 and Beyond
If you’re facing SSL-related issues in Node.js v17 or later, it’s crucial to be aware of potential security threats and avoid quick-fix solutions that compromise your project’s safety. With over 30 answers suggesting downgrading Node.js or utilizing the legacy SSL provider, it’s essential to explore safer alternatives.
Reason for the Error: In Node.js v17, a security vulnerability in the SSL provider was addressed, leading to a breaking change. This change aligned with similar disruptions in SSL packages on NPM. Attempting to use SSL in Node.js v17 or later without upgrading corresponding SSL packages in your package.json can trigger the observed error.
The Correct (Safe) Solution for npm Users: Opt for an updated version of Node.js and ensure your packages are current with security fixes. While the following npm command may resolve the issue for many:
npm audit fix --force
Be cautious, as this command might introduce breaking security fixes that could potentially disrupt complex builds.
Note for Yarn Users: Yarn users can leverage yarn-audit-fix without installing it as a dependency. Execute the following command:
npm_config_yes=true npx yarn-audit-fix
Or in Windows PowerShell:
$env:npm_config_yes = 1; npx yarn-audit-fix
A Less Heavy-Handed (Yet Correct) Solution for Webpack: If you’re using Webpack, consider adjusting your Webpack config with either of the following, depending on your Webpack version:
A. (Webpack v5): Set output.hashFunction to 'xxhash64'. B. (Webpack v4): Depending on the hash algorithms supported by your system, try options like output.hashFunction = 'sha512' or output.hashFunction = 'sha256'. Refer to the output.hashFunction documentation for details.
Prioritize security and choose solutions that maintain the integrity of your project’s build process while addressing SSL concerns in Node.js.