Skip to content
Latchkey

Node --openssl-legacy-provider ERR_OSSL in CI - Fix Digital Envelope Errors

Node 17+ uses OpenSSL 3, which dropped a legacy hash older Webpack used. A build fails with ERR_OSSL_EVP_UNSUPPORTED until you upgrade the tooling or opt into the legacy provider.

What this error means

npm run build crashes on Node 17 or newer with error:0308010C:digital envelope routines::unsupported, typically from an older Webpack 4 or create-react-app toolchain.

npm
Error: error:0308010C:digital envelope routines::unsupported
  at new Hash (node:internal/crypto/hash:69:19)
  code: 'ERR_OSSL_EVP_UNSUPPORTED'

Common causes

OpenSSL 3 dropped a hash older tooling relies on

Node 17+ ships OpenSSL 3, and old Webpack uses an MD4-based hash that is no longer available by default.

How to fix it

Upgrade the build tooling (preferred)

  1. Upgrade to a Webpack 5 / modern toolchain that uses a supported hash.
  2. This removes the need for the legacy flag entirely.

Set the legacy OpenSSL provider as a stopgap

  1. Set NODE_OPTIONS to enable the legacy provider for the build.
  2. Treat it as temporary until the toolchain is upgraded.
Workflow
env:
  NODE_OPTIONS: --openssl-legacy-provider

How to prevent it

  • Upgrade build tooling to support OpenSSL 3 and pin the Node version, so you do not depend on a deprecated legacy provider flag long term.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →