Skip to content


Subversion checkout URL

You can clone with
Download ZIP


node-crypto : Unknown message digest sha256 #280

timoxley opened this Issue · 15 comments

6 participants


I am having this issue with the error:
"node-crypto : Unknown message digest sha256"
when trying to use connect/express sessions.

node 0.4.7,
express 2.3.4,
OSX 10.5.8,

I recompiled node after compiling and installing latest openssl. Still an issue.

Possible duplicate of #249


Simplest express app exhibiting the issue:

var express = require('express'),
    app = express.createServer();

app.use(express.session({ secret: "string" }));
app.get('/', function(req, res){


Full error output on visiting localhost:3000/:

node-crypto : Unknown message digest sha256 
Error: hmac error
    at Object.createHmac (crypto.js:103:21)
    at MemoryStore.hash (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:224:8)
    at MemoryStore.generate (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:233:40)
    at generate (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:295:13)
    at Object.session [as handle] (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/session.js:303:7)
    at next (/Users/timoxley/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at Object.cookieParser [as handle] (/Users/timoxley/node_modules/express/node_modules/connect/lib/middleware/cookieParser.js:44:5)
    at next (/Users/timoxley/node_modules/express/node_modules/connect/lib/http.js:204:15)
    at Object.handle (/Users/timoxley/node_modules/express/lib/http.js:83:5)
    at next (/Users/timoxley/node_modules/express/node_modules/connect/lib/http.js:204:15)

Looks like session hashing has recently changed from md5 to sha256:

Apparently, compared to sha256, bcrypt is the bees knees though:

Perhaps a two birds one stone approach would be to increase connect's overall security by modifying the hashing function to use bcrypt instead, there's even a node lib for it:

tj commented

I'm happy with making it configurable, but I dont want to depend on c++ for core connect


Sounds perfect.


something about this crypto stuff seems to have broken the latest node install script for me as well:

[73/75] cxx: src/ -> build/default/src/platform_darwin_4.o
[74/75] cxx: src/ -> build/default/src/node_crypto_4.o
../src/ In function ‘void node::crypto::InitCrypto(v8::Handle<v8::Object>)’:
../src/ error: ‘SSL_COMP_get_compression_methods’ was not declared in this scope
Waf: Leaving directory `/private/tmp/homebrew-node-0.4.8-0UNy/node-v0.4.8/build'
Build failed:  -> task failed (err #1): 
{task: cxx -> node_crypto_4.o}


tj commented

homebrew might be the issue, it sucks


same issue with n. Going to upgrade to 10.6 asap, see if that fixes it


did you ever get this issue resolved?


Currently waiting for snow leopard to be delivered. Looks like this guy had the same issue:!/iantruslove No idea if 10.6 will fix it, perhaps upgrading xcode will help as well


Apparently this is a fix, haven't tried yet though:
Getting a bit OT.


I am also running leopard. i installed node on my snow leopard imac and everything went over smooth. i guess it is the outdated os...


@secoif nodejs/node-v0.x-archive#1242 <- does the patch in that issue fix the SSL_COMP_get_compression_methods build error?


Not sure, I've upgraded to snow leopard now and everything works as expected. Would need to track down a leopard box to test on.


Is the resolution to this bug to upgrade the os?

I'm currently on osx 10.5.8 and I've also tried but still no joy.


For me, method described in worked.

It was a bit odd. Upgrading to "openssl-1.0.0e" and reinstalled node.js didn't work.
Upgraded to "openssl-1.0.0d" and installed node with brew worked.

@tj tj closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.