Skip to content

CAUTION: This site hosts draft documentation for the next release. For published content of the latest release, visit


(Linux® x86, Linux on POWER® (Little Endian), Linux on AArch64, and Linux on IBM Z® only)

Start of content that applies to Java 11 (LTS) and later This option enables or disables the use of the CRIUSECProvider during the checkpoint phase.


Setting Effect Default
-XX:+CRIUSecProvider Enable yes
-XX:-CRIUSecProvider Disable


When you enable CRIU support (with the -XX:+EnableCRIUSupport option), all the existing security providers are removed from the security provider list during the checkpoint phase and CRIUSECProvider is added. CRIUSECProvider supports only a limited number of cryptography services and therefore, you can use only those security algorithms that are available in CRIUSECProvider.

You can now choose to disable the use of CRIUSECProvider with the -XX:-CRIUSecProvider option and continue to use all the existing security providers during the checkpoint and restore phase. When you use the security algorithms of other security providers, you must have alternative approaches to protect your files, such as initialization before you take checkpoints with nonsensitive data. End of content that applies to Java 11 (LTS) and later

See also