diff --git a/CHANGELOG.md b/CHANGELOG.md index f5b7dc5dd..09c7a1d65 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,7 @@ All notable changes to this project will be documented in this file. - Make username, user id, group id configurable, use numeric ids everywhere, change group of all files to 0 ([#849], [#890], [#897]). - ci: Bump `stackabletech/actions` to 0.0.7 ([#901], [#903]). - ubi-rust-builder: Bump Rust toolchain to 1.81.0 ([#902]). +- nifi: Disable the SNI check in NiFi 2.0, see [the decision](https://github.com/stackabletech/decisions/issues/34) ([#908]). ### Removed @@ -93,6 +94,7 @@ All notable changes to this project will be documented in this file. [#901]: https://github.com/stackabletech/docker-images/pull/901 [#902]: https://github.com/stackabletech/docker-images/pull/902 [#903]: https://github.com/stackabletech/docker-images/pull/903 +[#908]: https://github.com/stackabletech/docker-images/pull/908 ## [24.7.0] - 2024-07-24 diff --git a/nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch b/nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch new file mode 100644 index 000000000..a6b0eb914 --- /dev/null +++ b/nifi/stackable/patches/2.0.0-M4/004-disable-sni-check.patch 
@@ -0,0 +1,13 @@
+diff --git a/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java b/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java
+index 1f36ca1116..87e04091c9 100644
+--- a/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java
++++ b/nifi-commons/nifi-jetty-configuration/src/main/java/org/apache/nifi/jetty/configuration/connector/StandardServerConnectorFactory.java
+@@ -183,6 +183,8 @@ public class StandardServerConnectorFactory implements ServerConnectorFactory {
+ httpConfiguration.setSendServerVersion(SEND_SERVER_VERSION);
+
+ final SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
++ // Disable the SNI check, see https://github.com/stackabletech/decisions/issues/34
++ secureRequestCustomizer.setSniHostCheck(false);
+ httpConfiguration.addCustomizer(secureRequestCustomizer);
+ }
+
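Review bot: `secureRequestCustomizer.setSniHostCheck(false)` is applied unconditionally, so every HTTPS connector built from this patched factory stops rejecting requests whose Host header does not match the certificate Jetty selected, and nothing in the visible lines lets an operator turn the check back on. The inline comment only links the decision; stating the trade-off next to the call would help, e.g. `// Stackable: SNI host check off; Jetty no longer rejects a Host header that does not match the served certificate. Rationale: https://github.com/stackabletech/decisions/issues/34`. If NiFi's own Host-header allowlist is expected to compensate, that is worth confirming and noting here, since it is not visible in the hunk. The enclosing method starts outside the hunk, so whether a properties object is in scope to make this switchable cannot be judged from these lines.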