How to Resolve ERR_OSSL_EVP_UNSUPPORTED Error?

What is ERR_OSSL_EVP_UNSUPPORTED ERROR?

The ERR_OSSL_EVP_UNSUPPORTED error in OpenSSL stands for the fact that the specified cryptographic algorithm or operation is not supported by the CRL cryptographic library on which OpenSSL is based.

This error arises when an application needs to use an encryption, decryption, signing or verification algorithm not supported or implemented by the version of OpenSSL being used.

This may occur as a result of or when the application programs make use of old algorithms or non-standard implementations or when the required cryptographic modules have not been compiled into OpenSSL during the build process.

What Causes the ERR OSSL EVP UNSUPPORTED Error?

Unsupported Algorithm

The ERR_OSSL_EVP_UNSUPPORTED error may occur when an application tries to call a cryptographic encryption algorithm that is not supported or the built-in OpenSSL version being used.

This may happen if the application uses some left-shifted or non-standard algorithms that are not visible to the library.

OpenSSL is constantly enhancing and adding the support for different Cryptographic algorithms, however there could be some older or relatively less used algorithms which are not supported in the latest versions.

Promoting the use of supported and standard algorithms on the application will help in avoiding this error.

Incorrect OpenSSL Version

There is yet another possible reason is an improperly installed version of OpenSSL.

Some of the cryptographic algorithms are only implemented in certain versions of the OpenSSL, and any other version less than this will lead to this error.

To ensure that specific algorithms are supported within the OpenSSL version used, developers should check their version of OpenSSL.

By using the latest version of this software which offers support of the richest number of cryptographic algorithms normally helps to solve this problem.

Misconfigured OpenSSL Installation

The error can also occur when OpenSSL has been poorly installed or set up on the server used for the database.

Thus, during the OpenSSL configuration and compilation stage, some of the algorithms on the list can be omitted if the required modules or libraries are not installed or if they are disabled for use.

This can be caused by misconfiguration of the operating system, its services, libraries or other factors that may be missed during the original construction of the framework.

As for the practical approach, careful configuration of OpenSSL and its compilation with all necessary modules and libraries can minimize a chance of this error.

For this reason, one must verify all the configuration options possible and ensure that the installation included all necessary modules for cryptographic work.

Missing Libraries

Cryptography algorithms might depend on some libraries, which may be missing or poorly linked, resulting in the ERR_OSSL_EVP_UNSUPPORTED error.

OpenSSL depends on different external-libraries for various types of cryptographic functions, and if these libraries are not linked properly or are missing then the necessary algorithms would not be available in the OpenSSL library.

Developers should verify if all libraries necessary for build in the system are installed and get linked correctly. Ensuring that the system is free of missing dependencies and free from linkage problems can also be a solution to this flaw.

Code Issues

It may occur due to errors in the application code. For example, providing wrong algorithm identifiers or trying to use algorithms that are not available on the OpenSSL used can cause this error.

Programmers should read over the code with great attention to verify that it correctly states the supported algorithms and complies with the OpenSSL API.

Error checking and validating algorithm ID can assist in correcting these coding problems and make them compatible with the existing cryptographic operations.

How to Fix the ERR_OSSL_EVP_UNSUPPORTED Error?

Enable OpenSSL 3.0 Legacy Provider

OpenSSL 3. 0 introduced a new provider-based architecture, so to be precise some algorithms listed here by default can be in the legacy provider. In order to enable the legacy provider you are able to change your OpenSSL configuration file or you are able to do it programmatically.

OpenSSL Configuration:

Here are some lines that need to be added to your openssl configuration file, (openssl.cnf):

openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Programmatically (in your code):

#include <openssl/provider.h>
int main() {

            OSSL_PROVIDER *legacy;
            legacy = OSSL_PROVIDER_load(NULL, "legacy");
            if (legacy == NULL) {
                        fprintf(stderr, "Failed to load legacy provider\n");
                        exit(EXIT_FAILURE);
            }
            // Rest of your code
}

Upgrade Your Development Tools

Make sure that the development tools you are using such as Node. Such as js, Python or other runtime environments, are up-to-date. Outdated releases may also turn out not to work well with the current version of OpenSSL.

Node.js Example: Update Node.js to the latest version:

nvm install node
nvm use node

Manually Update OpenSSL

When run independently, it is possible and advisable to upgrade OpenSSL manually to fix compatibility problems. Visit the OpenSSL website and download the most recent stable version and build it.

Example for Linux:

wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
tar -xf openssl-3.0.0.tar.gz
cd openssl-3.0.0
./config
make
sudo make install

Use Supported Algorithms

Check the algorithms you use and make sure they are supported on your version of OpenSSL. The older algorithm or algorithms that are not widely used may not be available in newer editions.

Example: Replace deprecated algorithms with supported ones. For instance, replace MD5 with SHA-256:

const crypto = require('crypto');
const hash = crypto.createHash('sha256');
hash.update('some data to hash');
console.log(hash.digest('hex'));

Install Compatibility Packages

In case of systems that are needed to be compatible with older packages, one may have to first get packages that support legacy systems.

Example for Ubuntu:

sudo apt-get install libssl1.1

Set Node.js Environment Variable

For Node.js applications, setting the environment variable NODE_OPTIONS can sometimes resolve OpenSSL-related issues.

Example:

export NODE_OPTIONS=--openssl-legacy-provider
node your_app.js

Review Application Code

Check that your application code does not use call openssl functions or routines which have been marked as depreciated or unsupported. Update your code to the modern approach of cryptography.

Example: Instead of using deprecated crypto.createCipher, use crypto.createCipheriv:

const crypto = require('crypto');
const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';

// Generate a key from the password
crypto.scrypt(password, 'salt', 24, (err, key) => {
            if (err) throw err;

// Use a random initialization vector
            const iv = Buffer.alloc(16, 0); // Initialization vector.
            const cipher = crypto.createCipheriv(algorithm, key, iv);

let encrypted = '';
            cipher.on('readable', () => {
                        let chunk;
                        while (null !== (chunk = cipher.read())) {
                                    encrypted += chunk.toString('hex');
                        }
             });
            cipher.on('end', () => {
                        console.log(encrypted);
            });
            cipher.write('some clear text data');
            cipher.end();
});

Conclusion

Keep your online presence safe and protected with CheapSSLWeb solutions! Save time and money on SSL certificates and protect your website from malicious attacks that make it doubtful. Do not take risks – secure your data and build the trust of your visitors from today.