Flags reference
Eliya adds one flag to the JVM and modifies one configuration file. Everything else is upstream OpenJDK behaviour.
-XX:+UseEliyaDefaults
Default: off.
Scope: product flag. Location:
src/hotspot/share/runtime/globals.hpp.
When enabled, applies a curated runtime profile tuned for
telecom and request-processing workloads. Every individual flag is set via
FLAG_SET_ERGO — meaning an explicit value on the command line always wins.
What it sets
| Flag | Value | Purpose |
|---|---|---|
UseG1GC |
true | G1 collector — predictable pauses for request-driven workloads |
MaxGCPauseMillis |
50 | 50 ms pause target — aggressive for tail-latency SLAs |
G1HeapRegionSize |
4M | Fixed 4 MB regions — eliminates region-size heuristic variance |
InitiatingHeapOccupancyPercent |
35 | Start concurrent marking earlier than default 45% |
UseStringDeduplication |
true | Deduplicate duplicate String bodies — large XML/JSON payload wins |
OptimizeStringConcat |
true | Optimise string concatenation |
UseCompressedOops |
true | Compressed object pointers — smaller heap footprint |
TieredCompilation |
true | Tiered JIT — faster warmup for request paths |
Override semantics
Any flag set explicitly on the command line overrides the Eliya default. Example:
java -XX:+UseEliyaDefaults -XX:MaxGCPauseMillis=100 -jar app.jar
Copy
Uses all Eliya defaults except
MaxGCPauseMillis (user value 100 ms wins).
Inspecting applied values
java -XX:+UseEliyaDefaults -XX:+PrintFlagsFinal -version | grep -E "UseG1GC|MaxGCPauseMillis|UseStringDeduplication"
Copy
Eliya-applied flags show
{ergonomic} as the origin. Explicit user flags show {command line}.
Security defaults (always on)
Eliya modifies
$JAVA_HOME/conf/security/java.security in the overlay so hardening is active from
every JVM invocation — no flag required. This is separate from
-XX:+UseEliyaDefaults (performance) because security hardening is a safety
requirement, not a performance preference.
Full breakdown on the security page. Source of truth: conf/eliya/security.properties.
Opt-out (not recommended)
java -Djava.security.properties==/path/to/vanilla-java.security ...
Copy
The double equals ==
overrides; a single = appends. Only use this if a legacy integration genuinely
requires TLS 1.0 or weak ciphers.
Eliya
Dial