Node.js 18+ (OpenSSL 3)

Error: error:0308010C:digital envelope routines::unsupported

Error: error:0308010C:digital envelope routines::unsupported

What it means

Node.js 17+ ships OpenSSL 3, which rejects the legacy hashing some older build tools rely on.

Why it happens

OpenSSL 3 disables legacy algorithms (e.g. the MD4-based hashing webpack 4 uses by default). Upgrading a Lambda or container to a Node 18/20/22 runtime surfaces this during a build or in crypto calls.

How to fix it

  1. Durable fix: upgrade the offending tooling to an OpenSSL-3-safe version (e.g. webpack 5, react-scripts 5+).
  2. Stopgap only: set `NODE_OPTIONS=--openssl-legacy-provider` to re-enable the legacy provider — this re-enables weak crypto, so treat it as temporary.
  3. In your own code, replace deprecated hashes (md4/md5 used for security) with sha256.
  4. Rebuild and redeploy on the target Node version.

Related deadline: Lambda Node.js 18 EOL2027-02-01.

Find every instance in your project

The free EOLkits scanner runs in your browser (nothing uploaded) and flags this and related breakages across your IaC and dependency files.

Primary source: https://nodejs.org/api/cli.html#--openssl-legacy-provider

Get the full migration audit — $299, hash-anchored PDF →