Java Openssl Library

  • The Apache group has built a library for Java that uses JNI to access openssl for AES encryption. I think it's the best public example of using JNI to access openssl, and you can reference it easily using maven.
  • Mar 05, 2014 OpenSSL-Java is a fast OpenSSL Java JNI binding with implement a provider the Java Cryptography Architecture. You can use OpenSSL with no additional your java code changes!
  • Feb 06, 2010 Java FIPS Release 1.0.2 is now available for download. Wednesday 28th August 2019. Our third Java FIPS release, certified for Java 1.7, Java 1.8, and Java 11, is now available at our Java FIPS page. In addition to being certified for 1.7/1.8/11 the jar is also compatible with Java 1.5 and Java 1.6.
  • A provider for the Java Secure Socket Extension (JSSE). A clean room implementation of the JCE 1.2.1. A library for reading and writing encoded ASN.1 objects. Lightweight APIs for TLS (RFC 2246, RFC 4346) and DTLS (RFC 6347/ RFC 4347).

Apache Commons Crypto is a cryptographic library optimized with AES-NI (Advanced Encryption Standard New Instructions). Commons Crypto provides Java APIs at the cipher level and Java stream level. Developers can implement high performance AES encryption/decryption with minimum coding and effort.

Documentation Index


The Apache Tomcat Native Library is an optional component for use with Apache Tomcat that allows Tomcat to use certain native resources for performance, compatibility, etc.

Specifically, the Apache Tomcat Native Library gives Tomcat access to the Apache Portable Runtime (APR) library's network connection (socket) implementation and random-number generator. See the Apache Tomcat documentation for more information on how to configure Tomcat to use the APR connector.

Features of the APR connector:

  • Non-blocking I/O for Keep-Alive requests (between requests)
  • Uses OpenSSL for TLS/SSL capabilities (if supported by linked APR library)
  • FIPS 140-2 support for TLS/SSL (if supported by linked OpenSSL library)
  • Support for IPv4, IPv6 and Unix Domain Sockets


Java Openssl Library
  • 6 Apr 2021 - TC-Native-1.2.28released

    The Apache Tomcat team is proud to announce the immediate availability ofTomcat Native 1.2.28 Stable.

    The sources and the binaries for selected platforms are available from theDownload page.

    Please see the Changelog for a fulllist of changes.



Build tc-native requires three components to be installed:

  • APR library
  • OpenSSL libraries
  • Java SE Development Kit (JDK)

In debian based Linux those dependencies could be installed by something like:

In rpm based Linux those dependencies could be installed by something like:


On all the POSIX systems (Linux, Solaris, HP-UX, AIX etc...) a well-known configure and make is used to build tc-native.
In the jni/native runs:

to read the description of all the parameters.

to create the includes and makefiles to be able to build tc-native.
$HOME/APR is something like /usr/bin/apr-1-config or the path where apr is installed.
$JAVA_HOME is something /home/jfclere/JAVA/jdk1.7.0_80 path to a JDK installation. Any JDK should work but it is advisable to use the same JVM version the JVM you use with Tomcat.
$HOME/OPENSSL is the path where OpenSSL is installed.
$CATALINA_HOME is the path where the produced libraries will be installed. Something like $HOME/apache-tomcat-8.0.47/
The configure is able to guess most of OpenSSL standard installations. So most of the time the following will be enough:

To build the libraries and install them:

The libraries will be found in $CATALINA_HOME/lib


Download the Windows sources of tc-native and extract them.


Obtain the Windows sources for APR and OpenSSL. Apply the patches from native/srclib and build APR and OpenSSL for your platform (X86 or X64).

Build with

More detailed instructions including the steps to create a standard release distribution are provided on the Wiki.

Install and tests

Configuring Tomcat

Apache Tomcat comes with the AprLifecycleListener enabled by default. Still, you should check your conf/server.xml to ensure that something like the following is present, and uncommented:

Please see the Apache Tomcat documentation for configuration specifics.

When using Unix Domain Sockets a cleanup is registered to delete the socket on destruction of the socket, or shutdown of the application. Should the application terminate abnormally, the socket deletion will need to be handled by the caller or by the administrator.


Edit $CATALINA_HOME/bin/ (creating the file if necessary) and add the path to the tc-native libraries to LD_LIBRARY_PATH. Something like:

Openssl Library For Java


Start tomcat and check for the messages like this ones:

Refer to the tomcat documentation to configure the connectors (See Tomcat 9.0.xTomcat 8.5.x and Tomcat 7.0.x)

Java openssl library not playing


Edit $CATALINA_BASEbinsetenv.bat (creating the file if necessary) and add the path to the tc-native libraries, apr and OpenSSL to PATH. For example:

Start tomcat and check for the messages like this ones:

Openssl Java Library Download

APR support requires three main native components to be installed:

  • APR library
  • JNI wrappers for APR used by Tomcat (libtcnative)
  • OpenSSL libraries

Java Openssl Library Not Available


Windows binaries are provided for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR. It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins. Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).

Openssl Crypto Library


Most Linux distributions will ship packages for APR and OpenSSL. The JNI wrapper (libtcnative) will then have to be compiled. It depends on APR, OpenSSL, and the Java headers.


  • APR 1.2+ development headers (libapr1-dev package)
  • OpenSSL 0.9.7+ development headers (libssl-dev package)
  • JNI headers from Java compatible JDK 1.4+
  • GNU development environment (gcc, make)

The wrapper library sources are located in the Tomcat binary bundle, in the bin/tomcat-native.tar.gz archive. Once the build environment is installed and the source archive is extracted, the wrapper library can be compiled using (from the folder containing the configure script):