Skip to content

CAUTION: This site hosts draft documentation for the next release. For published content of the latest release, visit


This option controls the use of OpenSSL native cryptographic support.


Setting value Default
-Djdk.nativeCrypto true yes
-Djdk.nativeCrypto false


OpenSSL support is enabled by default for the Digest, CBC, GCM, RSA, ChaCha20 and ChaCha20-Poly1305, ECDH key agreement, EC key generation, XDH key agreement, and XDH key generation algorithms. If you want to turn off the OpenSSL implementation, set this option to false.

Restriction: Start of content that applies to Java 8 (LTS) The ChaCha20 and ChaCha20-Poly1305 algorithms are not supported on Java™ 8. The XDH key agreement and XDH key generation algorithms also are not supported on Java 8. End of content that applies only to Java 8 (LTS)

If you want to turn off the algorithms individually, use the following system properties: