From 02261311b3b3f765ebb394f8f101b0373a7fb3ab Mon Sep 17 00:00:00 2001 
From: Matt Gilman Date: Mon, 22 Oct 2018 14:58:43 -0400 Subject: [PATCH] NIFI-5737: - Removing needClientAuth property since cluster comms now requires two way ssl. Jetty client auth settings are based on configured features. - Removing dead code. - Updating documentation. - Removing references to needClientAuth property in all test resources. - Removing overloaded util method with strict parameter. This closes #3102. --- .../org/apache/nifi/util/NiFiProperties.java | 15 ------- .../NiFiProperties/conf/nifi.blank.properties | 1 - .../conf/nifi.missing.properties | 1 - .../NiFiProperties/conf/nifi.properties | 1 - nifi-docker/dockerhub/sh/start.sh | 1 - nifi-docker/dockermaven/sh/start.sh | 1 - .../main/asciidoc/administration-guide.adoc | 14 +++---- .../src/test/resources/conf/nifi.properties | 1 - .../ServerSocketConfigurationFactoryBean.java | 2 +- .../src/test/resources/conf/nifi.properties | 1 - .../nifi/controller/FlowController.java | 2 +- .../manager/StandardStateManagerProvider.java | 2 +- .../flow/StandardFlowRegistryClient.java | 11 +++-- .../src/test/resources/conf/nifi.properties | 1 - .../flowcontrollertest.nifi.properties | 1 - .../resources/lifecycletest.nifi.properties | 1 - .../resources/nifi-with-remote.properties | 1 - ...standardflowserializertest.nifi.properties | 1 - ...andardflowsynchronizerspec.nifi.properties | 1 - ...andardprocessschedulertest.nifi.properties | 1 - .../NarUnpacker/conf/nifi.properties | 1 - .../src/test/resources/nifi.properties | 1 - .../src/test/resources/nifi.properties | 1 - ...sitive_properties_protected_aes.properties | 1 - .../test/resources/conf/nifi.blank.properties | 1 - .../resources/conf/nifi.missing.properties | 1 - .../src/test/resources/conf/nifi.properties | 1 - ..._with_additional_sensitive_keys.properties | 1 - ...sitive_properties_protected_aes.properties | 1 - ...rsive_additional_sensitive_keys.properties | 1 - ...sitive_properties_protected_aes.properties | 1 - 
...ve_properties_protected_aes_128.properties | 1 - ...ties_protected_aes_128_password.properties | 1 - ...rotected_aes_multiple_malformed.properties | 1 - ..._protected_aes_single_malformed.properties | 1 - ...ve_properties_protected_unknown.properties | 1 - ...ensitive_properties_unprotected.properties | 1 - ...operties_unprotected_extra_line.properties | 1 - .../nifi-framework/nifi-resources/pom.xml | 1 - .../src/main/resources/conf/nifi.properties | 1 - .../NiFiProperties/conf/nifi.properties | 1 - ...sitive_properties_protected_aes.properties | 1 - ...ve_properties_protected_aes_128.properties | 1 - ...ies_protected_aes_different_key.properties | 1 - ...protected_aes_different_key_128.properties | 1 - .../security/util/SslContextFactory.java | 41 ++++++------------- .../security/util/SslContextFactoryTest.java | 10 ++--- .../src/test/resources/nifi.properties | 1 - .../access-control/nifi-flow.properties | 1 - .../resources/access-control/nifi.properties | 1 - .../resources/site-to-site/nifi.properties | 1 - .../notify/conf/nifi-secured.properties | 1 - .../resources/notify/conf/nifi.properties | 1 - .../notify/conf_secure/nifi.properties | 1 - .../test/resources/nifi_default.properties | 1 - ...sitive_properties_protected_aes.properties | 1 - ...ve_properties_protected_aes_128.properties | 1 - ...operties_protected_aes_password.properties | 1 - ...ties_protected_aes_password_128.properties | 1 - ...ensitive_properties_unprotected.properties | 1 - ...ed_and_empty_protection_schemes.properties | 1 - .../nifi/toolkit/s2s/SiteToSiteCliMain.java | 2 - .../test/resources/localhost/nifi.properties | 1 - 63 files changed, 31 insertions(+), 122 deletions(-) diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 9ded1a1d23..562f8c0d22 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java 
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -139,7 +139,6 @@ public abstract class NiFiProperties { public static final String SECURITY_TRUSTSTORE = "nifi.security.truststore"; public static final String SECURITY_TRUSTSTORE_TYPE = "nifi.security.truststoreType"; public static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.security.truststorePasswd"; - public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.security.needClientAuth"; public static final String SECURITY_USER_AUTHORIZER = "nifi.security.user.authorizer"; public static final String SECURITY_USER_LOGIN_IDENTITY_PROVIDER = "nifi.security.user.login.identity.provider"; public static final String SECURITY_OCSP_RESPONDER_URL = "nifi.security.ocsp.responder.url"; @@ -573,20 +572,6 @@ public abstract class NiFiProperties { } } - /** - * Will default to true unless the value is explicitly set to false. - * - * @return Whether client auth is required - */ - public boolean getNeedClientAuth() { - boolean needClientAuth = true; - String rawNeedClientAuth = getProperty(SECURITY_NEED_CLIENT_AUTH); - if ("false".equalsIgnoreCase(rawNeedClientAuth)) { - needClientAuth = false; - } - return needClientAuth; - } - // getters for web properties // public Integer getPort() { Integer port = null; diff --git a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties index aaf2e29569..b243a39ed5 100644 --- a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties +++ b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties 
@@ -81,7 +81,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties index fb48be3e64..fd532a4d5a 100644 --- a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties +++ b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties @@ -79,7 +79,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties index 6d1e03bd16..2c58fa9cf1 100644 --- a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties +++ b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties @@ -81,7 +81,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-docker/dockerhub/sh/start.sh b/nifi-docker/dockerhub/sh/start.sh index 936d277cf9..1cf5a7c5c8 100755 --- a/nifi-docker/dockerhub/sh/start.sh +++ b/nifi-docker/dockerhub/sh/start.sh 
@@ -53,7 +53,6 @@ case ${AUTH} in echo 'Enabling LDAP user authentication' # Reference ldap-provider in properties prop_replace 'nifi.security.user.login.identity.provider' 'ldap-provider' - prop_replace 'nifi.security.needClientAuth' 'WANT' . "${scripts_dir}/secure.sh" . "${scripts_dir}/update_login_providers.sh" diff --git a/nifi-docker/dockermaven/sh/start.sh b/nifi-docker/dockermaven/sh/start.sh index 936d277cf9..1cf5a7c5c8 100755 --- a/nifi-docker/dockermaven/sh/start.sh +++ b/nifi-docker/dockermaven/sh/start.sh @@ -53,7 +53,6 @@ case ${AUTH} in echo 'Enabling LDAP user authentication' # Reference ldap-provider in properties prop_replace 'nifi.security.user.login.identity.provider' 'ldap-provider' - prop_replace 'nifi.security.needClientAuth' 'WANT' . "${scripts_dir}/secure.sh" . "${scripts_dir}/update_login_providers.sh" diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index b62ac3031b..809453624d 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc 
@@ -168,7 +168,6 @@ NiFi provides several different configuration options for security purposes. The |`nifi.security.truststore` | Filename of the Truststore that will be used to authorize those connecting to NiFi. A secured instance with no Truststore will refuse all incoming connections. |`nifi.security.truststoreType` | The type of the Truststore. Must be either `PKCS12` or `JKS`. JKS is the preferred type, PKCS12 files will be loaded with BouncyCastle provider. |`nifi.security.truststorePasswd` | The password for the Truststore. -|`nifi.security.needClientAuth` | Set to `true` to specify that connecting clients must authenticate themselves. This property is used by the NiFi cluster protocol to indicate that nodes in the cluster will be authenticated and must have certificates that are trusted by the Truststores. If not set, the default value is `true`. |================================================================================================================================================== Once the above properties have been configured, we can enable the User Interface to be accessed over HTTPS instead of HTTP. This is accomplished 
@@ -179,14 +178,14 @@ properties can be specified. NOTE: It is important when enabling HTTPS that the `nifi.web.http.port` property be unset. NiFi only supports running on HTTP *or* HTTPS, not both simultaneously. -Similar to `nifi.security.needClientAuth`, the web server can be configured to require certificate based client authentication for users accessing -the User Interface. In order to do this it must be configured to not support username/password authentication using <> or <>. Either of these options -will configure the web server to WANT certificate based client authentication. This will allow it to support users with certificates and those without -that may be logging in with their credentials or those accessing anonymously. If username/password authentication and anonymous access are not configured, -the web server will REQUIRE certificate based client authentication. See <> for more details. +NiFi's web server will REQUIRE certificate based client authentication for users accessing the User Interface when not configured with an alternative +authentication mechanism which would require one way SSL (for instance LDAP, OpenId Connect, etc). Enabling an alternative authentication mechanism will +configure the web server to WANT certificate base client authentication. This will allow it to support users with certificates and those without that +may be logging in with credentials. See <> for more details. Now that the User Interface has been secured, we can easily secure Site-to-Site connections and inner-cluster communications, as well. This is -accomplished by setting the `nifi.remote.input.secure` and `nifi.cluster.protocol.is.secure` properties, respectively, to `true`. +accomplished by setting the `nifi.remote.input.secure` and `nifi.cluster.protocol.is.secure` properties, respectively, to `true`. These communications +will always REQUIRE two way SSL as the nodes will use their configured keystore/truststore for authentication. 
[[tls_generation_toolkit]] === TLS Generation Toolkit @@ -3929,7 +3928,6 @@ These properties pertain to various security features in NiFi. Many of these pro |`nifi.security.truststore`*|The full path and name of the truststore. It is blank by default. |`nifi.security.truststoreType`|The truststore type. It is blank by default. |`nifi.security.truststorePasswd`|The truststore password. It is blank by default. -|`nifi.security.needClientAuth`|This indicates whether client authentication in the cluster protocol. It is blank by default. |`nifi.security.user.authorizer`|Specifies which of the configured Authorizers in the _authorizers.xml_ file to use. By default, it is set to `file-provider`. |`nifi.security.user.login.identity.provider`|This indicates what type of login identity provider to use. The default value is blank, can be set to the identifier from a provider in the file specified in `nifi.login.identity.provider.configuration.file`. Setting this property will trigger NiFi to support username/password authentication. diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties index 38cbd91d3a..a768adca2f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties @@ -82,7 +82,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java index ae4e70d509..1f38d8e7f1 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster-protocol/src/main/java/org/apache/nifi/cluster/protocol/spring/ServerSocketConfigurationFactoryBean.java @@ -36,7 +36,7 @@ public class ServerSocketConfigurationFactoryBean implements FactoryBean registryById = new ConcurrentHashMap<>(); @@ -76,7 +75,7 @@ public class StandardFlowRegistryClient implements FlowRegistryClient { final FlowRegistry registry; if (uriScheme.equalsIgnoreCase("http") || uriScheme.equalsIgnoreCase("https")) { - final SSLContext sslContext = SslContextFactory.createSslContext(nifiProperties, false); + final SSLContext sslContext = SslContextFactory.createSslContext(nifiProperties); if (sslContext == null && uriScheme.equalsIgnoreCase("https")) { throw new IllegalStateException("Failed to create Flow Registry for URI " + registryUrl + " because this NiFi is not configured with a Keystore/Truststore, so it is not capable of communicating with a secure Registry. " diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties index f4718539d6..cc8f098a86 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties 
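Review bot: At the `SslContextFactory.createSslContext(nifiProperties)` call in StandardFlowRegistryClient, nothing at the call site now shows that a missing keystore/truststore is tolerated, since the explicit `false` argument is gone and the `sslContext == null` check below it is the only hint. The SslContextFactory change is not visible next to this hunk, so the null return is inferred from that check. A one-line comment would keep the intent reviewable: `// createSslContext returns null when no keystore/truststore is configured; only an https registry URL requires one`. It is also worth confirming that an `http` registry URL with a null context is an intended plaintext path, not a silent fallback on an otherwise secured instance. The enclosing method starts and ends outside the hunk.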
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties @@ -80,7 +80,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/flowcontrollertest.nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/flowcontrollertest.nifi.properties index 76e56356f8..d9aa4d27c3 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/flowcontrollertest.nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/flowcontrollertest.nifi.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/lifecycletest.nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/lifecycletest.nifi.properties index 4dc3a13a93..0d75e222ae 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/lifecycletest.nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/lifecycletest.nifi.properties 
@@ -85,7 +85,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties index 109ddbc43b..7dbfdb27b4 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties @@ -80,7 +80,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowserializertest.nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowserializertest.nifi.properties index 4acdea0268..6ec2d528ff 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowserializertest.nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowserializertest.nifi.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowsynchronizerspec.nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowsynchronizerspec.nifi.properties index a231179722..7bc98f6f82 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowsynchronizerspec.nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardflowsynchronizerspec.nifi.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardprocessschedulertest.nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardprocessschedulertest.nifi.properties index 1c4d6e79a5..a51b5231d7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardprocessschedulertest.nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/standardprocessschedulertest.nifi.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties index 3a17e0daeb..c3ff46aa18 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties @@ -83,7 +83,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/nifi.properties index bbec9680f2..e3512d8c4e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-nar-utils/src/test/resources/nifi.properties @@ -143,7 +143,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/nifi.properties index a55b39823a..c3f8e26df0 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/nifi.properties @@ -143,7 +143,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/bootstrap_tests/conf/nifi_with_sensitive_properties_protected_aes.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/bootstrap_tests/conf/nifi_with_sensitive_properties_protected_aes.properties index 2a67d2765a..a58a5daf27 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/bootstrap_tests/conf/nifi_with_sensitive_properties_protected_aes.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/bootstrap_tests/conf/nifi_with_sensitive_properties_protected_aes.properties @@ -86,7 +86,6 @@ nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd=/X/RSlNr2QCJ1Kwe||dENJevX5P61ix+97airrtoBQoyasMFS6DG6fHbX+SZtw2VAMllSSnDeT97Q= nifi.security.truststorePasswd.protected=aes/gcm/256 -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.blank.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.blank.properties index aaf2e29569..b243a39ed5 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.blank.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.blank.properties @@ -81,7 +81,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.missing.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.missing.properties index fb48be3e64..fd532a4d5a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.missing.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.missing.properties @@ -79,7 +79,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.properties index 6d1e03bd16..2c58fa9cf1 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi.properties 
@@ -81,7 +81,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_additional_sensitive_keys.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_additional_sensitive_keys.properties index 6a88c25569..2e2685db08 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_additional_sensitive_keys.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_additional_sensitive_keys.properties @@ -82,7 +82,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_all_sensitive_properties_protected_aes.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_all_sensitive_properties_protected_aes.properties index 2a67d2765a..a58a5daf27 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_all_sensitive_properties_protected_aes.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_all_sensitive_properties_protected_aes.properties 
@@ -86,7 +86,6 @@ nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd=/X/RSlNr2QCJ1Kwe||dENJevX5P61ix+97airrtoBQoyasMFS6DG6fHbX+SZtw2VAMllSSnDeT97Q= nifi.security.truststorePasswd.protected=aes/gcm/256 -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_recursive_additional_sensitive_keys.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_recursive_additional_sensitive_keys.properties index 6a88c25569..2e2685db08 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_recursive_additional_sensitive_keys.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_recursive_additional_sensitive_keys.properties @@ -82,7 +82,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes.properties index 10e91eac7b..f08746e3d8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes.properties 
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128.properties index c45ab86388..25e8ce298e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128_password.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128_password.properties index 51b136459c..e7c4217019 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128_password.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_128_password.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_multiple_malformed.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_multiple_malformed.properties index cc2153d9a6..b94b422d41 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_multiple_malformed.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_multiple_malformed.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_single_malformed.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_single_malformed.properties index 03fe7f32c9..d13adc975e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_single_malformed.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_aes_single_malformed.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_unknown.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_unknown.properties index 591dfaa035..b0680a7570 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_unknown.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_protected_unknown.properties 
@@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=unknown nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected.properties index 5ff84a8863..b8a5e11576 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected.properties @@ -82,7 +82,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected_extra_line.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected_extra_line.properties index 1e308bf87e..a6507a12c8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected_extra_line.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-properties-loader/src/test/resources/conf/nifi_with_sensitive_properties_unprotected_extra_line.properties 
@@ -83,7 +83,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml index fc18be8234..41a74fe35e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/pom.xml @@ -144,7 +144,6 @@ - managed-authorizer diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties index a37e8b1472..6143f63185 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties @@ -158,7 +158,6 @@ nifi.security.keyPasswd=${nifi.security.keyPasswd} nifi.security.truststore=${nifi.security.truststore} nifi.security.truststoreType=${nifi.security.truststoreType} nifi.security.truststorePasswd=${nifi.security.truststorePasswd} -nifi.security.needClientAuth=${nifi.security.needClientAuth} nifi.security.user.authorizer=${nifi.security.user.authorizer} nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider} nifi.security.ocsp.responder.url=${nifi.security.ocsp.responder.url} 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi.properties index ff190d4835..5b16076ddd 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi.properties @@ -141,7 +141,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes.properties index 6dd949b83c..a018d45063 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes.properties @@ -142,7 +142,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_128.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_128.properties index 514e04fa77..37fba5712d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_128.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_128.properties @@ -142,7 +142,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key.properties index c11541ced8..39a1d4a009 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key.properties 
@@ -145,7 +145,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key_128.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key_128.properties index b5b82f0a4a..84a613c9e8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key_128.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-runtime/src/test/resources/NiFiProperties/conf/nifi_with_sensitive_properties_protected_aes_different_key_128.properties @@ -145,7 +145,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/main/java/org/apache/nifi/framework/security/util/SslContextFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/main/java/org/apache/nifi/framework/security/util/SslContextFactory.java index 5dd637392d..8f43339e62 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/main/java/org/apache/nifi/framework/security/util/SslContextFactory.java 
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/main/java/org/apache/nifi/framework/security/util/SslContextFactory.java @@ -16,6 +16,13 @@ */ package org.apache.nifi.framework.security.util; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.security.util.KeyStoreUtils; +import org.apache.nifi.util.NiFiProperties; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; @@ -25,13 +32,6 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; - -import org.apache.nifi.security.util.KeyStoreUtils; -import org.apache.nifi.util.NiFiProperties; -import org.apache.commons.lang3.StringUtils; /** * A factory for creating SSL contexts using the application's security 
@@ -40,30 +40,13 @@ import org.apache.commons.lang3.StringUtils; */ public final class SslContextFactory { - public static enum ClientAuth { - - WANT, - REQUIRED, - NONE - } - public static SSLContext createSslContext(final NiFiProperties props) throws SslContextCreationException { - return createSslContext(props, false); - } - public static SSLContext createSslContext(final NiFiProperties props, final boolean strict) - throws SslContextCreationException { - - final boolean hasKeystoreProperties = hasKeystoreProperties(props); - if (hasKeystoreProperties == false) { - if (strict) { - throw new SslContextCreationException("SSL context cannot be created because keystore properties have not been configured."); - } else { - return null; - } - } else if (props.getNeedClientAuth() && hasTruststoreProperties(props) == false) { - throw new SslContextCreationException("Need client auth is set to 'true', but no truststore properties are configured."); + if (hasKeystoreProperties(props) == false) { + return null; + } else if (hasTruststoreProperties(props) == false) { + throw new SslContextCreationException("SSL context cannot be created because truststore properties have not been configured."); } try { @@ -98,7 +81,7 @@ public final class SslContextFactory { final SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null); - sslContext.getDefaultSSLParameters().setNeedClientAuth(props.getNeedClientAuth()); + sslContext.getDefaultSSLParameters().setNeedClientAuth(true); return sslContext; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/test/java/org/apache/nifi/framework/security/util/SslContextFactoryTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/test/java/org/apache/nifi/framework/security/util/SslContextFactoryTest.java index 024881a51e..93b2c8f1e4 100644 
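Review bot: The `return null` branch at the top of `createSslContext` is now the only outcome when no keystore is configured, so any caller that relied on the removed `strict` overload to throw receives null instead. Callers are outside this hunk, so it is worth confirming that each one on the cluster path treats a null context as fatal rather than continuing without TLS. The method would benefit from Javadoc stating both outcomes, for example `@return the SSL context, or null if no keystore properties are configured` and `@throws SslContextCreationException if a keystore is configured without a truststore`. As a style point, `hasKeystoreProperties(props) == false` reads more plainly as `!hasKeystoreProperties(props)`. The method body continues past the end of the hunk.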
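Review bot: The changed line `sslContext.getDefaultSSLParameters().setNeedClientAuth(true);` does not enforce client authentication, because `SSLContext.getDefaultSSLParameters()` is documented to return a copy and the modified `SSLParameters` object is discarded. The requirement has to be set where the server socket or engine is created, e.g. `serverSocket.setNeedClientAuth(true);` on the `SSLServerSocket`; whether the cluster and Jetty code does that is not visible in this hunk. I would drop the line or replace it with `// client auth is enforced on the server socket/engine, not on the SSLContext`, so that a reader does not take it as the control that guarantees two-way TLS. The enclosing method starts and ends outside the hunk.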
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/test/java/org/apache/nifi/framework/security/util/SslContextFactoryTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-security/src/test/java/org/apache/nifi/framework/security/util/SslContextFactoryTest.java @@ -17,11 +17,13 @@ package org.apache.nifi.framework.security.util; import org.apache.nifi.security.util.KeystoreType; -import java.io.File; import org.apache.nifi.util.NiFiProperties; import org.junit.Assert; import org.junit.Before; import org.junit.Test; + +import java.io.File; + import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -42,7 +44,6 @@ public class SslContextFactoryTest { when(authProps.getProperty(NiFiProperties.SECURITY_KEYSTORE)).thenReturn(ksFile.getAbsolutePath()); when(authProps.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE)).thenReturn(KeystoreType.JKS.toString()); when(authProps.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD)).thenReturn("passwordpassword"); - when(authProps.getNeedClientAuth()).thenReturn(false); mutualAuthProps = mock(NiFiProperties.class); when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_KEYSTORE)).thenReturn(ksFile.getAbsolutePath()); @@ -51,7 +52,6 @@ public class SslContextFactoryTest { when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_TRUSTSTORE)).thenReturn(trustFile.getAbsolutePath()); when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE)).thenReturn(KeystoreType.JKS.toString()); when(mutualAuthProps.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)).thenReturn("passwordpassword"); - when(mutualAuthProps.getNeedClientAuth()).thenReturn(true); } 
@@ -60,9 +60,9 @@ public class SslContextFactoryTest { Assert.assertNotNull(SslContextFactory.createSslContext(mutualAuthProps)); } - @Test + @Test(expected = SslContextCreationException.class) public void testCreateSslContextWithNoMutualAuth() { - Assert.assertNotNull(SslContextFactory.createSslContext(authProps)); + SslContextFactory.createSslContext(authProps); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties index 4709c21472..189dbafee4 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties @@ -61,7 +61,6 @@ nifi.security.keyPasswd= nifi.security.truststore=src/test/resources/dummy-certs/localhost-ts.jks nifi.security.truststoreType=JKS nifi.security.truststorePasswd=localtest -nifi.security.needClientAuth=true nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi-flow.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi-flow.properties index aab0d3fd1b..1f6f121ae7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi-flow.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi-flow.properties 
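Review bot: `testCreateSslContextWithNoMutualAuth` now asserts a failure, so its name no longer says what is being checked; something like `public void testCreateSslContextWithoutTruststoreThrows() {` would match the new contract. The other new branch, the null return when no keystore properties are set, has no test in the visible part of this class, and that is the path where a caller could end up without TLS. A case asserting `Assert.assertNull(SslContextFactory.createSslContext(mock(NiFiProperties.class)));` would pin it, assuming an unstubbed mock is treated as having no keystore properties.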
@@ -96,7 +96,6 @@ nifi.security.keyPasswd= nifi.security.truststore=target/test-classes/access-control/truststore.jks nifi.security.truststoreType=JKS nifi.security.truststorePasswd=passwordpassword -nifi.security.needClientAuth=true nifi.security.user.login.identity.provider=test-provider nifi.security.user.authorizer=flow-test-provider diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties index f40db46498..6ec81ffe6f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties @@ -96,7 +96,6 @@ nifi.security.keyPasswd= nifi.security.truststore=target/test-classes/access-control/truststore.jks nifi.security.truststoreType=JKS nifi.security.truststorePasswd=passwordpassword -nifi.security.needClientAuth=true nifi.security.user.login.identity.provider=test-provider nifi.security.user.authorizer=test-provider diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/site-to-site/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/site-to-site/nifi.properties index 500ce703f4..b612c551d3 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/site-to-site/nifi.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/site-to-site/nifi.properties 
@@ -137,7 +137,6 @@ nifi.security.keyPasswd=${nifi.security.keyPasswd} nifi.security.truststore=${nifi.security.truststore} nifi.security.truststoreType=${nifi.security.truststoreType} nifi.security.truststorePasswd=${nifi.security.truststorePasswd} -nifi.security.needClientAuth=${nifi.security.needClientAuth} nifi.security.user.authorizer=${nifi.security.user.authorizer} nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider} nifi.security.ocsp.responder.url=${nifi.security.ocsp.responder.url} diff --git a/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi-secured.properties b/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi-secured.properties index e498c75c9f..2e70175e09 100644 --- a/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi-secured.properties +++ b/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi-secured.properties @@ -62,7 +62,6 @@ nifi.security.keyPasswd=badKeyPass nifi.security.truststore=target/tmp/keys/localhost/truststore.jks nifi.security.truststoreType=JKS nifi.security.truststorePasswd=badTrustPass -nifi.security.needClientAuth=true nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi.properties b/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi.properties index 0841c290d6..d14eb7e9a0 100644 --- a/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi.properties +++ b/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf/nifi.properties @@ -143,7 +143,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url= 
diff --git a/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf_secure/nifi.properties b/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf_secure/nifi.properties index d3e2990a9d..66abbf47be 100644 --- a/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf_secure/nifi.properties +++ b/nifi-toolkit/nifi-toolkit-admin/src/test/resources/notify/conf_secure/nifi.properties @@ -62,7 +62,6 @@ nifi.security.keyPasswd=badKeyPass nifi.security.truststore=target/tmp/keys/localhost/truststore.jks nifi.security.truststoreType=JKS nifi.security.truststorePasswd=badTrustPass -nifi.security.needClientAuth=true nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_default.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_default.properties index 6cbc1de527..90dacb9e11 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_default.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_default.properties @@ -82,7 +82,6 @@ nifi.security.keyPasswd= nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes.properties index e7607dab96..37c3aaa696 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes.properties 
@@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties index 06db8caa67..d9db09d25f 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_128.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password.properties index 1568bc5056..79c8250d66 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password.properties @@ -85,7 +85,6 @@ nifi.security.keyPasswd.protected=aes/gcm/256 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # 
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password_128.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password_128.properties index 1754a76697..08deb563f9 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password_128.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_protected_aes_password_128.properties @@ -86,7 +86,6 @@ nifi.security.keyPasswd.protected=aes/gcm/128 nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties index 349e9ba3cd..f78d685d9c 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected.properties @@ -82,7 +82,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # 
diff --git a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected_and_empty_protection_schemes.properties b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected_and_empty_protection_schemes.properties index b8b1335c8b..30a3c7365e 100644 --- a/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected_and_empty_protection_schemes.properties +++ b/nifi-toolkit/nifi-toolkit-encrypt-config/src/test/resources/nifi_with_sensitive_properties_unprotected_and_empty_protection_schemes.properties @@ -84,7 +84,6 @@ nifi.security.keyPasswd=thisIsABadKeyPassword nifi.security.truststore= nifi.security.truststoreType= nifi.security.truststorePasswd= -nifi.security.needClientAuth= nifi.security.user.authorizer= # cluster common properties (cluster manager and nodes must have same values) # diff --git a/nifi-toolkit/nifi-toolkit-s2s/src/main/java/org/apache/nifi/toolkit/s2s/SiteToSiteCliMain.java b/nifi-toolkit/nifi-toolkit-s2s/src/main/java/org/apache/nifi/toolkit/s2s/SiteToSiteCliMain.java index 8ab546a241..e57dbbd544 100644 --- a/nifi-toolkit/nifi-toolkit-s2s/src/main/java/org/apache/nifi/toolkit/s2s/SiteToSiteCliMain.java +++ b/nifi-toolkit/nifi-toolkit-s2s/src/main/java/org/apache/nifi/toolkit/s2s/SiteToSiteCliMain.java @@ -72,7 +72,6 @@ public class SiteToSiteCliMain { public static final String PROXY_PASSWORD_OPTION = "proxyPassword"; public static final String PROXY_PORT_OPTION_DEFAULT = "80"; public static final String KEYSTORE_TYPE_OPTION_DEFAULT = KeystoreType.JKS.toString(); - public static final String NEED_CLIENT_AUTH_OPTION = "needClientAuth"; /** * Prints the usage to System.out 
@@ -141,7 +140,6 @@ public class SiteToSiteCliMain { options.addOption(null, TRUST_STORE_OPTION, true, "Truststore"); options.addOption(null, TRUST_STORE_TYPE_OPTION, true, "Truststore type (default: " + KEYSTORE_TYPE_OPTION_DEFAULT + ")"); options.addOption(null, TRUST_STORE_PASSWORD_OPTION, true, "Truststore password"); - options.addOption(null, NEED_CLIENT_AUTH_OPTION, false, "Need client auth"); options.addOption("c", COMPRESSION_OPTION, false, "Use compression"); options.addOption(null, PEER_PERSISTENCE_FILE_OPTION, true, "File to write peer information to so it can be recovered on restart"); options.addOption("p", TRANSPORT_PROTOCOL_OPTION, true, "Site to site transport protocol (default: " + TRANSPORT_PROTOCOL_OPTION_DEFAULT + ")"); diff --git a/nifi-toolkit/nifi-toolkit-tls/src/test/resources/localhost/nifi.properties b/nifi-toolkit/nifi-toolkit-tls/src/test/resources/localhost/nifi.properties index 90ffe380a9..2eedb0454a 100644 --- a/nifi-toolkit/nifi-toolkit-tls/src/test/resources/localhost/nifi.properties +++ b/nifi-toolkit/nifi-toolkit-tls/src/test/resources/localhost/nifi.properties @@ -140,7 +140,6 @@ nifi.security.keyPasswd=qgs57rmnot6p8gm97pfjutnu5g nifi.security.truststore=./conf/truststore.jks nifi.security.truststoreType=jks nifi.security.truststorePasswd=t7rmn1fg8np2ck1sduqdd85opv -nifi.security.needClientAuth= nifi.security.user.authorizer=file-provider nifi.security.user.login.identity.provider= nifi.security.ocsp.responder.url=