I think you just need to adjust your regex here... Have you tried something like this... ^TLS_ECDHE.*
Thanks, Phil On Thu, Aug 17, 2023 at 8:26 AM Martin Fong <martin.f...@toronto.ca> wrote: > I would like to find out the syntax to set only ECDHE*. > > The following works: > nifi.web.https.ciphersuites.include=^.*GCM_SHA256$ > > The following does not work: > nifi.web.https.ciphersuites.include=^.*TLS_ECDHE$ > > This will work but I want the whole ECDHE* and nothing else but it will be > a very long line to set them up. > nifi.web.https.ciphersuites.include= > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > > 2023-08-16 13:54:52,811 INFO [main] o.e.jetty.util.ssl.SslContextFactory > No Cipher Suite matching '^.*TLS_ECDHE$' is supported > 2023-08-16 13:54:52,812 WARN [main] o.e.jetty.util.ssl.SslContextFactory > No supported Cipher Suite from [TLS_AES_256_GCM_SHA384, > TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, > TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, > TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, > TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, > TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, > TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, > TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, > TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, > TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, > TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA] > > Please advise if there is a correct syntax just only for ECDHE*. > > Thanks, > Martin Fong > Enterprise Technical Support Specialist, Infrastructure & Platform (IAG) > Technology Services Division, Technology Infrastructure Services > City of Toronto > 703 Don Mills Road, 2nd Floor > Toronto, ON > M3C 3N3 > Tel: 416-397-7565 > e-mail: martin.f...@toronto.ca<mailto:martin.f...@toronto.ca> > > This e-mail message is confidential and subject to copyright. Any > unauthorized use or disclosure is prohibited. If you have received this > email and are not the intended recipient, please advise and delete it. > Thank you. > >
