Update docs/reference/security/fips-140-compliance.asciidoc

Co-authored-by: Tim Vernum <[email protected]>

docs/reference/security/fips-140-compliance.asciidoc

@@ -54,8 +54,8 @@ https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-
 so that the JVM uses FIPS validated implementations of NIST recommended cryptographic algorithms.
 
 Elasticsearch has been tested with Bouncy Castle's https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/1.0.2.4/bc-fips-1.0.2.4.jar[bc-fips 1.0.2.4]
-and https://repo1.maven.org/maven2/org/bouncycastle/bctls-fips/1.0.17/bctls-fips-1.0.17.jar[bctls-fips 1.0.17] but other
-FIPS certified providers may be used. Elasticsearch does not ship with a FIPS certified provider. It is the responsibility of the user
+and https://repo1.maven.org/maven2/org/bouncycastle/bctls-fips/1.0.17/bctls-fips-1.0.17.jar[bctls-fips 1.0.17].
+Please refer to the [Support Matrix] for details on which combinations of JVM and security provider are supported in FIPS mode. Elasticsearch does not ship with a FIPS certified provider. It is the responsibility of the user
 to install and configure the security provider to ensure compliance with FIPS 140-2. Using a FIPS certified provider will ensure that only
 approved cryptographic algorithms are used.