Created on 12-12-2019 09:21 PM - edited 12-12-2019 09:27 PM
What is your NiFi version? From the NiFi 1.2.0 release it should default to TLS 1.2, as per
https://issues.apache.org/jira/browse/NIFI-3720
Snippet from JIRA:
Users/client connecting to NiFi through the UI or API now protected with TLS v1.2. TLSv1/1.1 are no longer supported.
https://cwiki.apache.org/confluence/display/NIFI/Release+Notes#ReleaseNotes-Version1.2.0
Snippet from the Doc:
Security
Users/client connecting to NiFi through the UI or API now protected with TLS v1.2 due to upgrade to Jetty version 9.4.2
So if you are using HDF then please check the NiFi version. For example HDF 3.0 (NiFi 1.2.0) will allow TLS 1.2 for all incoming connections. Other TLS versions will still be used for outgoing connections.
In general, one option to disable all TLS protocols except TLSv1.2 is to edit the "$JAVA_HOME/jre/lib/security/java.security" file (here JAVA_HOME is the one used by the NiFi process) and change the "jdk.tls.disabledAlgorithms" property value to something like the following, as mentioned in https://java.com/en/configure_crypto.html
Example:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, SSLv2Hello, TLSv1, TLSv1.1
You can further validate your NiFi by using OpenSSL commands such as the following to attempt to connect to it with different protocol options:
# openssl s_client -connect <NiFIhostname>:<port>
# openssl s_client -connect <NiFIhostname>:<port> -tls1_2
# openssl s_client -connect <NiFIhostname>:<port> -tls1
# openssl s_client -connect <NiFIhostname>:<port> -ssl3
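As an added example (not part of the original answer), the POSIX shell script below automates the openssl s_client checks above: it tries each protocol flag in turn and classifies the result from the "New, <proto>, Cipher is <cipher>" line rather than the SSL-Session "Protocol" line, because s_client prints the attempted version there even when the server refused it. The NiFi host and port are placeholders to be replaced with your own.

```shell
#!/bin/sh
# Probe which TLS/SSL protocol versions a NiFi HTTPS endpoint will negotiate,
# one openssl s_client run per protocol flag. Host and port are placeholders.

# Read openssl s_client output from stdin and classify the handshake.
# Prints "ok <protocol> <cipher>", "failed", or "client-unsupported" (the
# local openssl build does not know the flag, e.g. -ssl3 on modern builds).
parse_handshake() {
  out=$(cat)
  case "$out" in
    *"nknown option"*) echo "client-unsupported"; return 0 ;;
  esac
  # The "New, <proto>, Cipher is <cipher>" line reads "(NONE)" on failure,
  # whereas the SSL-Session "Protocol" line shows the attempted version
  # even when the server rejected it, so the cipher is the reliable signal.
  cipher=$(printf '%s\n' "$out" | sed -n 's/^New, [^,]*, Cipher is \(.*\)$/\1/p' | head -n 1)
  proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *\([^ ]*\).*/\1/p' | head -n 1)
  if [ -z "$cipher" ] || [ "$cipher" = "(NONE)" ]; then
    echo "failed"
  else
    echo "ok $proto $cipher"
  fi
}

# Try each protocol flag against HOST:PORT and print one result line per flag.
# Per the answer above, NiFi 1.2.0+ should report only -tls1_2 as "ok"
# (a newer Jetty/JDK stack may additionally accept -tls1_3).
probe_tls_versions() {
  host="$1"; port="$2"
  for flag in -ssl3 -tls1 -tls1_1 -tls1_2 -tls1_3; do
    result=$(openssl s_client -connect "$host:$port" "$flag" </dev/null 2>&1 | parse_handshake)
    printf '%-8s %s\n' "$flag" "$result"
  done
}

# Usage (placeholder host/port): probe_tls_versions nifi.example.com 9443
```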