My Oracle Support Banner

How to Disable PKCS11 in Java Process on Solaris (Doc ID 1510935.1)

Last updated on APRIL 13, 2023

Applies to:

Java Platform, Standard Edition - Version 5.0 and later
Java SE JDK and JRE - Version 6 to 6 [Release 6]
Oracle Solaris on SPARC (32-bit)
Oracle Solaris on SPARC (64-bit)
Oracle Solaris on x86 (32-bit)
Oracle Solaris on x86-64 (64-bit)

Goal

Please Note: Disabling PKCS11 can be used as an initial troubleshooting step for ruling in or ruling out PKCS11 as a culprit, or as a possible temporary workaround while an issue is being resolved, depending on the application, environment and situation.  Disabling PKCS11 on Solaris systems will disable the JVM's use of any hardware cryptographic accelerators on which the application may rely, and may cause degraded performance.  This document is intended to be used with the guidance of Java SE Support Engineering in conjunction with comprehensive Java/PKCS11 troubleshooting and is not intended as a final resolution to a Java/PKCS11 problem.

The Solaris security packages allow for a number of cryptography providers.   Java SE uses the PKCS11 provider by default.  However, there can be some times when the PKCS11 provider fails to work properly with certain Java applications.  Common problems are hangs or crashes in PKCS11 functions or the Java methods that call into the Solaris PKCS11 functions.  These failures can be caused by Solaris/PKCS11 bugs, Java bugs, or application code.  

This document describes how to disable PKCS11 so that the Sun crypto provider is used instead.

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.