The ERR_OSSL_EVP_UNSUPPORTED error emerges when Node.js or OpenSSL performs an unsupported cryptographic operation because of outdated libraries or version conflicts or strict security policies. The solution involves updating Node.js or adjusting OpenSSL configurations or modifying package.json to enable legacy algorithms. Developers encounter this error most often when working on React applications as well as Angular projects and backend development. The solution of this error enables uninterrupted application operation.
The following section describes the causes of ERR_OSSL_EVP_UNSUPPORTED errors and provides step-by-step procedures to resolve these issues efficiently.
What Causes the ERR_OSSL_EVP_UNSUPPORTED Error?
This error occurs when:
- The Node.js version 17 and later with OpenSSL 3.0 disables all legacy encryption algorithms including MD4 and MD5 as well as weak ciphers.
- The error occurs when a dependency or script attempts to use an SSL/TLS method that is not supported.
- The system or Docker environment contains OpenSSL versions that create conflicts.
Common triggers:
- The npm start command generates this error when used in React/Next.js applications.
- Using older libraries like webpack-dev-server
- The deployment of Node.js applications through Docker constitutes another common trigger.
5 Ways to Fix ERR_OSSL_EVP_UNSUPPORTED
- Set Node.js Legacy OpenSSL Provider (Quick Fix)
- Downgrade Node.js to v16 (Stable LTS Version)
- Update Dependencies (webpack, react-scripts, etc.)
- Modify OpenSSL Configuration (Advanced Users)
- Use Docker with OpenSSL 1.1.1 (For Containerized Apps)
Fix 1: Set Node.js Legacy OpenSSL Provider (Quick Fix)
Add this environment variable before running your app:
export NODE_OPTIONS=--openssl-legacy-provider
For Windows (CMD/PowerShell):
set NODE_OPTIONS=--openssl-legacy-provider
For package.json (React/Angular):
When to use this:
- Temporary local development
- Quick testing
- When you can’t immediately update dependencies
Limitations:
- Not recommended for production
- Bypasses important security restrictions
- May not work with all Node.js versions
Fix 2: Downgrade Node.js to v16 (Stable LTS Version)
If you’re on Node 18+, downgrade to v16 (which uses OpenSSL 1.1.1):
nvm install 16 nvm use 16
Fix 3: Update Dependencies (webpack, react-scripts, etc.)
Some older packages rely on deprecated SSL methods. Update them:
npm update webpack webpack-cli webpack-dev-server --latest npm update react-scripts --latest
Fix 4: Modify OpenSSL Configuration (Advanced Users)
For production environments where you need specific algorithms:
- Create openssl.cnf:
openssl_conf = openssl_init [openssl_init] providers = provider_sect [provider_sect] default = default_sect legacy = legacy_sect [default_sect] activate = 1 [legacy_sect] activate = 1
- Run Node.js with:
OPENSSL_CONF=/path/to/openssl.cnf node your-app.js
Fix 5: Use Docker with OpenSSL 1.1.1 (For Containerized Apps)
In your Dockerfile, force OpenSSL 1.1.1:
FROM node:16-bullseye # Uses OpenSSL 1.1.1 RUN apt-get update && apt-get install -y openssl
Final Thoughts
The ERR_OSSL_EVP_UNSUPPORTED error occurs when Node.js v17+ blocks outdated SSL algorithms—a security upgrade that breaks legacy code. The fastest fix is adding NODE_OPTIONS=–openssl-legacy-provider, but for lasting stability, upgrade dependencies and migrate to modern encryption like SHA-256. This error commonly affects React, Next.js, and Docker setups using older Webpack or crypto libraries. By switching to Node.js LTS versions and auditing dependencies, developers can resolve this issue while future-proofing their projects against similar security-related breaking changes in OpenSSL 3.0+.
FAQ: Common Questions About Mac Certificate Errors
How to resolve err_ossl_evp_unsupported?
Users can resolve the ERR_OSSL_EVP_UNSUPPORTED error by setting the Node.js environment variable with this OpenSSL command: “export NODE_OPTIONS=–openssl-legacy-provider”. This error happens in Node.js versions 17 and above due to OpenSSL changes.
How do I fix an npm install error?
Users can fix npm install errors by clearing the npm cache with “npm cache clean –force”. Then run “npm install” again. If the error persists, delete the node_modules folder and package-lock.json file before reinstalling.
How to fix ERR_OSSL_EVP_UNSUPPORTED error in Next JS?
Next.js users can fix this error by adding “export SET NODE_OPTIONS=–openssl-legacy-provider” in Windows or “export NODE_OPTIONS=–openssl-legacy-provider” in Linux/Mac. Add this line to your package.json scripts for a permanent fix.
How to fix “npm start” error code: ‘ERR_OSSL_EVP_UNSUPPORTED’?
Users can fix this npm start error by downgrading Node.js to version 16.x. Alternatively, add “SET NODE_OPTIONS=–openssl-legacy-provider” before the start command in package.json scripts section.
What causes the ERR_OSSL_EVP_UNSUPPORTED error?
This error occurs because Node.js versions 17+ use OpenSSL 3.0, which removes legacy encryption methods. Older projects may still use these deprecated methods, causing compatibility issues.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
