Skip to content

CAUTION: This site hosts draft documentation for the next release. For published content of the latest release, visit


This option controls the use of OpenSSL native cryptographic support.


Setting value Default
-Djdk.nativeCrypto true yes
-Djdk.nativeCrypto false


OpenSSL support is enabled by default for the following algorithms:

  • CBC
  • ChaCha20 and ChaCha20-Poly1305
  • EC key generation
  • ECDH key agreement
  • GCM
  • MD5
  • RSA
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • XDH key agreement
  • XDH key generation

If you want to turn off the OpenSSL implementation, set the -Djdk.nativeCrypto option to false.


  • Start of content that applies to Java 8 (LTS) The ChaCha20 and ChaCha20-Poly1305 algorithms are not supported on Java™ 8. The XDH key agreement and XDH key generation algorithms also are not supported on Java 8. End of content that applies only to Java 8 (LTS)
  • OpenSSL native cryptographic support is not available for the following algorithms on AIX®:

    • EC key generation (-Djdk.nativeECKeyGen)
    • MD5 (part of -Djdk.nativeDigest)
    • XDH key generation (-Djdk.nativeXDHKeyGen)
    • XDH key agreement (-Djdk.nativeXDHKeyAgreement)

If you want to turn off the algorithms individually, use the following system properties: