Currently NiFi uses the same collection of TLS cipher suites for both its role as a server and outgoing connections (i.e. GetHTTP or InvokeHTTP processors, etc.). This collection is not customizable or modifiable by end users.
Extract these values from the application to be configurable, provide sensible defaults, and decouple the roles so they can be set independently (i.e. more restrictive and stronger cipher suites for NiFi as a server, but allowing weaker/fallback cipher suites for external connections to a legacy resource).