hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

APIM ciphers enable/disable #20296

Open serxansherif opened 1 year ago

serxansherif commented 1 year ago

Terraform Version

1.0.1

AzureRM Provider Version

3.31.0

Affected Resource(s)/Data Source(s)

azurerm_api_management

Terraform Configuration Files

resource "azurerm_api_management" "test" {
  name                = "test-apim"
  location            = "westeurope"
  resource_group_name = "test-apim"
  publisher_name      = "Publisher name"
  publisher_email     = "info@test.test"

  security {
    tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = false
    tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = false
    tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled   = false
    tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled   = false
    tls_rsa_with_aes128_cbc_sha256_ciphers_enabled      = false
    tls_rsa_with_aes128_cbc_sha_ciphers_enabled         = false
    tls_rsa_with_aes128_gcm_sha256_ciphers_enabled      = false
    tls_rsa_with_aes256_cbc_sha256_ciphers_enabled      = false
    tls_rsa_with_aes256_cbc_sha_ciphers_enabled         = false
    triple_des_ciphers_enabled                          = false

    enable_backend_tls10  = false
    enable_backend_tls11  = false
    enable_frontend_tls10 = false
    enable_frontend_tls11 = false
  }

  sku_name = "Developer_1"
}

Debug Output/Panic Output

I added the following configs to the "security" block of the existing azurerm_api_management, but they don't reflect in terraform plan and apply.
These ciphers are shown as enabled in the Portal.

    tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = false
    tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = false
    tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled   = false
    tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled   = false
    tls_rsa_with_aes128_cbc_sha256_ciphers_enabled      = false
    tls_rsa_with_aes128_cbc_sha_ciphers_enabled         = false
    tls_rsa_with_aes128_gcm_sha256_ciphers_enabled      = false
    tls_rsa_with_aes256_cbc_sha256_ciphers_enabled      = false
    tls_rsa_with_aes256_cbc_sha_ciphers_enabled         = false
    triple_des_ciphers_enabled                          = false

Backend and frontend TLS settings work as expected.

Expected Behaviour

security {
  tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = true -> false
  tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = true -> false
  ...
  ...
}

Actual Behaviour

No changes. Your infrastructure matches the configuration.

Steps to Reproduce

No changes. Your infrastructure matches the configuration.

Important Factoids

No response

References

No response
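A drift check for the situation reported above, added here as an example and not code from the provider or from the issue author: it compares the `security` attributes in the issue's configuration against the `customProperties` map that `az apim show` returns for the instance, so a pipeline can flag ciphers that remain enabled even though Terraform reports no changes. The APIM property key names and the sample response are assumptions constructed for the example; confirm the keys against the live `az apim show` output before relying on them.

```python
import json
# Terraform `security` attribute from this issue -> APIM customProperties key.
# ASSUMPTION: key names are from my knowledge of the APIM API, not from this issue.
PFX = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security."
TF_TO_APIM = {
    "tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled": PFX + "Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled": PFX + "Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled": PFX + "Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled": PFX + "Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "tls_rsa_with_aes128_cbc_sha256_ciphers_enabled": PFX + "Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256",
    "tls_rsa_with_aes128_cbc_sha_ciphers_enabled": PFX + "Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA",
    "tls_rsa_with_aes128_gcm_sha256_ciphers_enabled": PFX + "Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256",
    "tls_rsa_with_aes256_cbc_sha256_ciphers_enabled": PFX + "Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256",
    "tls_rsa_with_aes256_cbc_sha_ciphers_enabled": PFX + "Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA",
    "triple_des_ciphers_enabled": PFX + "Ciphers.TripleDes168",
    "enable_backend_tls10": PFX + "Backend.Protocols.Tls10",
    "enable_backend_tls11": PFX + "Backend.Protocols.Tls11",
    "enable_frontend_tls10": PFX + "Protocols.Tls10",
    "enable_frontend_tls11": PFX + "Protocols.Tls11",
}
DESIRED = {attr: False for attr in TF_TO_APIM}  # the issue's config sets all of these to false

# Constructed sample of `az apim show ... --query customProperties` output mirroring
# the report above: the protocol settings were applied, the cipher keys were not.
SAMPLE_CUSTOM_PROPERTIES = json.dumps({
    PFX + "Protocols.Tls10": "False", PFX + "Protocols.Tls11": "False",
    PFX + "Backend.Protocols.Tls10": "False", PFX + "Backend.Protocols.Tls11": "False",
    PFX + "Ciphers.TripleDes168": "True", PFX + "Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA": "True",
})

def parse_flag(value):
    """APIM returns these values as strings ("True"/"False"); normalise to bool."""
    return str(value).strip().lower() == "true"

def find_drift(custom_properties_json, desired=DESIRED):
    """Return {attribute: live_state} for every attribute whose live state differs from
    `desired`. Keys absent from the response map to None: confirm those in the portal."""
    props = json.loads(custom_properties_json)
    drift = {}
    for attr, key in TF_TO_APIM.items():
        if key not in props:
            drift[attr] = None
        elif parse_flag(props[key]) != desired[attr]:
            drift[attr] = parse_flag(props[key])
    return drift

if __name__ == "__main__":
    for attr, state in sorted(find_drift(SAMPLE_CUSTOM_PROPERTIES).items()):
        print(f"{attr}: {'not reported' if state is None else 'still enabled'}")
```

Run it against the real output with `az apim show -g <rg> -n <name> --query customProperties -o json` piped into `find_drift`; an empty result means the live gateway matches the configuration.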

cloudcosmonaut commented 2 months ago

Any update on this? I seem to be unable to disable weak ciphers with Terraform :/