greyp9 commented on a change in pull request #5008: URL: https://github.com/apache/nifi/pull/5008#discussion_r616953712
########## File path: nifi-docs/src/main/asciidoc/administration-guide.adoc ########## @@ -209,6 +209,28 @@ In order to facilitate the secure setup of NiFi, you can use the `tls-toolkit` c * <<toolkit-guide.adoc#tls_intermediate_ca,Using An Existing Intermediate Certificate Authority>> * <<toolkit-guide.adoc#additional_certificate_commands,Additional Certificate Commands>> +[[tls_cipher_suites]] +=== TLS Cipher Suites + +The Java Runtime Environment provides the ability to specify custom TLS cipher suites to be used by servers when accepting client connections. See +link:https://java.com/en/configure_crypto.html[here^] for more information. To use this feature for the NiFi web service, the following NiFi properties +may be set: + +[options="header,footer"] +|================================================================================================================================================== +| Property Name | Description +|`nifi.web.https.includeciphersuites` | Additional ciphers that may be used by incoming client connections. Review comment: You're right! My experimentation after writing this blurb confirmed that, if "includeCiphers()" is used, only referenced ciphers are available to be selected (I assume that excluded ciphers would cull from the include list). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org