Skip to content

CAUTION: This site hosts draft documentation for the next release. For published content of the latest release, visit www.eclipse.org/openj9/docs

-Djdk.nativeCrypto

This option controls the use of OpenSSL native cryptographic support.

Syntax

    -Djdk.nativeCrypto=[true|false]
Setting value Default
-Djdk.nativeCrypto true yes
-Djdk.nativeCrypto false

Explanation

OpenSSL support is enabled by default for the following algorithms:

  • CBC
  • ChaCha20 and ChaCha20-Poly1305
  • EC key generation
  • ECDH key agreement
  • GCM
  • MD5
  • RSA
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • XDH key agreement
  • XDH key generation

If you want to turn off the OpenSSL implementation, set the -Djdk.nativeCrypto option to false.

Restrictions:

  • Start of content that applies to Java 8 (LTS) The ChaCha20 and ChaCha20-Poly1305 algorithms are not supported on Java™ 8. The XDH key agreement and XDH key generation algorithms also are not supported on Java 8. End of content that applies only to Java 8 (LTS)

  • OpenSSL native cryptographic support is not available for the following algorithms on AIX®:

    • EC key generation (-Djdk.nativeECKeyGen)
    • MD5 (part of -Djdk.nativeDigest)
    • XDH key generation (-Djdk.nativeXDHKeyGen)
    • XDH key agreement (-Djdk.nativeXDHKeyAgreement)

If you want to turn off the algorithms individually, use the following system properties: