-Djdk.nativeCrypto

This option controls the use of OpenSSL native cryptographic support.

Syntax

    -Djdk.nativeCrypto=[true|false]

Setting	value	Default
-Djdk.nativeCrypto	true	yes
-Djdk.nativeCrypto	false

Explanation

OpenSSL support is enabled by default for the following algorithms:

• CBC
• ChaCha20 and ChaCha20-Poly1305
• EC key generation
• ECDH key agreement
• GCM
• MD5
• RSA
• SHA-224
• SHA-256
• SHA-384
• SHA-512
• XDH key agreement
• XDH key generation

If you want to turn off the OpenSSL implementation, set the -Djdk.nativeCrypto option to false.

Restrictions:

• The ChaCha20 and ChaCha20-Poly1305 algorithms are not supported on Java™ 8. The XDH key agreement and XDH key generation algorithms also are not supported on Java 8.

• OpenSSL native cryptographic support is not available for the following algorithms on AIX®:

  • EC key generation (-Djdk.nativeECKeyGen)
  • MD5 (part of -Djdk.nativeDigest)
  • XDH key generation (-Djdk.nativeXDHKeyGen)
  • XDH key agreement (-Djdk.nativeXDHKeyAgreement)

If you want to turn off the algorithms individually, use the following system properties:

• -Djdk.nativeCBC
• -Djdk.nativeChaCha20 ( Not supported on Java 8. )
• -Djdk.nativeGCM
• -Djdk.nativeRSA
• -Djdk.nativeDigest
• -Djdk.nativeEC
• -Djdk.nativeECKeyGen
• -Djdk.nativeXDHKeyAgreement
• -Djdk.nativeXDHKeyGen