-Djdk.nativeCrypto

This option controls the use of OpenSSL native cryptographic support.

Syntax

    -Djdk.nativeCrypto=[true|false]

Setting	value	Default
-Djdk.nativeCrypto	true	yes
-Djdk.nativeCrypto	false

Explanation

OpenSSL support is enabled by default for the following algorithms:

• CBC
• ChaCha20 and ChaCha20-Poly1305
• ECDH key agreement
• ECDSA signature
• EC key generation
• GCM
• MD5
• PBE cipher
• PBKDF2
• RSA
• SHA-1
• SHA-224
• SHA-256
• SHA-384
• SHA-512
• SHA-512/224
• SHA-512/256
• XDH key agreement
• XDH key generation

If you want to turn off the OpenSSL implementation, set the -Djdk.nativeCrypto option to false.

Restrictions:

• The ChaCha20 and ChaCha20-Poly1305 algorithms are not supported on Java™ 8. The XDH key agreement and XDH key generation algorithms also are not supported on Java 8.

• OpenSSL native cryptographic support is not available for the following algorithms on AIX®:

  • EC key generation (-Djdk.nativeECKeyGen)
  • MD5 (part of -Djdk.nativeDigest)
  • XDH key generation (-Djdk.nativeXDHKeyGen)
  • XDH key agreement (-Djdk.nativeXDHKeyAgreement)

If you want to turn off the algorithms individually, use the following system properties:

• -Djdk.nativeCBC
• -Djdk.nativeChaCha20 ( Not supported on Java 8. )
• -Djdk.nativeDigest
• -Djdk.nativeEC
• -Djdk.nativeECDSA
• -Djdk.nativeECKeyGen
• -Djdk.nativeGCM
• -Djdk.nativeMD5
• -Djdk.nativePBE
• -Djdk.nativePBKDF2
• -Djdk.nativeRSA
• -Djdk.nativeSHA
• -Djdk.nativeSHA224
• -Djdk.nativeSHA256
• -Djdk.nativeSHA384
• -Djdk.nativeSHA512
• -Djdk.nativeSHA512_224
• -Djdk.nativeSHA512_256
• -Djdk.nativeXDHKeyAgreement
• -Djdk.nativeXDHKeyGen