node-http-ntlm: Stopped working with Node LTS 18? ("Error: error:0308010C:digital envelope routines::unsupported")
Hello,
when I try to run some code, that uses node-http-ntlm, using the latest Node LTS (currently v18.12.1) it results in an error:
node:internal/crypto/cipher:116
this[kHandle].initiv(cipher, credential, iv, authTagLength);
^
Error: error:0308010C:digital envelope routines::unsupported
at Cipheriv.createCipherBase (node:internal/crypto/cipher:116:19)
at Cipheriv.createCipherWithIV (node:internal/crypto/cipher:135:3)
at new Cipheriv (node:internal/crypto/cipher:243:3)
at Object.createCipheriv (node:crypto:141:10)
at encrypt (C:\folder\node_modules\httpntlm\ntlm.js:265:20)
at create_LM_hashed_password_v1 (C:\folder\node_modules\httpntlm\ntlm.js:269:27)
at Object.createType3Message (C:\folder\node_modules\httpntlm\ntlm.js:181:70)
at sendType3Message (C:\folder\node_modules\httpntlm\httpntlm.js:77:23)
at Immediate.<anonymous> (C:\folder\node_modules\httpntlm\httpntlm.js:101:4)
at process.processImmediate (node:internal/timers:471:21) {
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
Node.js v18.12.1
Running the same code with the previous LTS (v16) I am not experience that issue.
According to [1], it seems to be having to do with some breaking change that happened in node.js v17 related to openssl. A “workaround” apparently is to use “–openssl-legacy-provider” with node or downgrading to v16 - both of which do not feel like a “real solution”.
Is anyone else experiencing the same issue with node v18, or is it just me?
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 27 (11 by maintainers)
Commits related to this issue
- fix(ntlm): use des.js and js-md4 packages for removed openssl functions Closes #103 — committed to skrtheboss/node-http-ntlm by skrtheboss a year ago
- fix(ntlm): use des.js and js-md4 packages for removed openssl functions Closes #103 — committed to skrtheboss/node-http-ntlm by skrtheboss a year ago
- Add support for node 18 Upgrade to node 18 is blocked on https://github.com/SamDecrock/node-http-ntlm/issues/103 https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V17.md#openssl-30 — committed to StadGent/node_service_adlib-backend by MPParsley a year ago
- Replace deprecated md4 and des functions, fixing #103 — committed to SamDecrock/node-http-ntlm by SamDecrock a year ago
- Update version of httpntlm dependency to support nodejs v18 Original issue: https://github.com/SamDecrock/node-http-ntlm/issues/103 — committed to bogushevich/nodemailer-ntlm-auth by bogushevich a year ago
Perfect, thank you for your time/feedback.
@skrtheboss , I have verified its working now . Thank you
Hi @arzooChhatani, i have created new npm packages, since i could not wait for this to be released.
Let me know if they work out for you, or if you have any suggestions/issues.
@SamDecrock , any plan to handle this ?
After some debugging I found, that the problem relies in those two blocks:
https://github.com/SamDecrock/node-http-ntlm/blob/7058d3482a95bdf7f8686653a9e361d6f3abd20d/ntlm.js#L366-L371 https://github.com/SamDecrock/node-http-ntlm/blob/7058d3482a95bdf7f8686653a9e361d6f3abd20d/ntlm.js#L373-L391
One is using
md4and the otherDES-ECBwhich have both been removed in the default provider of OpensslV3, see https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers.