SNMPv3 - error:0308010C:digital envelope routines::unsupported

[xtvdata]

Which node are you reporting an issue on?

node-red-node-snmp

What are the steps to reproduce?

• install the snmp node above
• setup a device with SNMPv3 access
• attempt to pull an OID (simple read)

What happens?

No data is pulled from SNMP device, and the following error is generated:

Error: error:0308010C:digital envelope routines::unsupported

Important: this happens only after upgrade from node 16 to node 18 (required for some new nodes). It looks like it's possibly a dependency issue (see also: https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported).

What do you expect to happen?

Pull the data in the OID and no error.

Please tell us about your environment:

• [X] Node-RED version: 3.1.0
• [X] node.js version: v18.18.2
• [X] npm version: 9.8.1
• [X] Platform/OS: RaspberryPi - bullseye (latest upgrades installed)
• [X] Browser: Safari v17

[Steve-Mcl]

upgrade from node 16 to node 18

As you have performed a node update, did you follow that with npm update in your .node-red directory to permit and compiled modules to be updated?

You may also need to do npm -g update

[xtvdata]

Thanks for the quick feedback. I've just manually forced update/recompliation both at app level and at global level (now npm is at v10.2.1), and restarted node-red.

However, I still get the same error anytime I try to access an SNMPv3 device.

---

Update: I can confirm that I get the same result on a fresh installation (new system and new node-red installation) - tested with node 20 and "bookworm" on this one.

[hardillb]

Just checking by "manually forced update/recompliation" do you mean you ran npm rebuild?

[Steve-Mcl]

Thanks Ben. Yes, copy paste error on my behalf. Op should rebuild.

[xtvdata]

Just checking by "manually forced update/recompliation" do you mean you ran npm rebuild?

Yes, done that too.

I've also attempted to install on a new RPI:

• fresh system installation (bookworm - but the same happens on bullseye),
• fresh node-red installation (with script selecting node20, but the same happens on upgraded v3.1.0 node18 from v3.0.2 node16),
• new simple flow (input -> snmp -> debug) to fetch a single OID via v3 protocol (that was working with node16).

[hardillb]

Can you check what version of net-snmp has been installed as a dependency please

[xtvdata]

Can you check what version of net-snmp has been installed as a dependency please

This is the extract of the package.json for the installed net-snmp in the /home/node-red/.node-red/node_modules/net-snmp directory:

{
  "name": "net-snmp",
  "version": "3.9.7",
  "description": "JavaScript implementation of the Simple Network Management Protocol (SNMP)",
  "main": "index.js",
  ...

[clivegross]

@xtvdata did you resolve this? Are you polling the SNMP v3 device using DES privacy protocol?

I get the same error on a fresh build running:

• node v20.11.1
• node-red v3.1.9
• node-red-node-snmp 2.0.0

But only when "privacy protocol": "DES". No errors using "privacy protocol": "AES".

This is because Node,js 17 and later use OpenSSL 3.0.0. OpenSSL 3.0.0 has marked DES as a "legacy algorithm" and it's disabled by default. While you can enable legacy algorithms in OpenSSL 3.0.0, I don't know if there's a way to do this in the Node.js crypto module, which is used by net-snmp. net-snmp is a dependency of node-red-node-snmp.

In my case, changing the device privacy protocol is not an option, so I think I either need to downgrade or build a node using a different library.