Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update azurerm_api_management - Support more cipher options #9276

Merged
merged 19 commits into from
Jan 18, 2021
Merged

Update azurerm_api_management - Support more cipher options #9276

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
fc4a449
Add more cipher options to API management.
flo-02-mu Nov 11, 2020
aa8fd44
Add new cipher options to acc test.
flo-02-mu Nov 11, 2020
29972d5
Rename cipher options to match allowed pattern
flo-02-mu Nov 11, 2020
613fea4
Rename all cipher flags to match proposed convention.
flo-02-mu Nov 12, 2020
ff22d44
Merge branch 'master' into more-apim-cipher-flags
flo-02-mu Nov 19, 2020
633c21a
Add deprecation fallback for enable_triple_des_ciphers
flo-02-mu Nov 28, 2020
db4e4bb
Fix path for deprecated triple des property
flo-02-mu Nov 28, 2020
89d4e55
Merge remote-tracking branch 'upstream/master' into more-apim-cipher-…
flo-02-mu Dec 8, 2020
002ef1b
Merge remote-tracking branch 'upstream/master' into more-apim-cipher-…
flo-02-mu Jan 11, 2021
946499d
Update azurerm/internal/services/apimanagement/api_management_resourc…
flo-02-mu Jan 12, 2021
c57121f
Update azurerm/internal/services/apimanagement/api_management_resourc…
flo-02-mu Jan 12, 2021
91acc48
Update azurerm/internal/services/apimanagement/api_management_resourc…
flo-02-mu Jan 12, 2021
cd34408
Update azurerm/internal/services/apimanagement/api_management_resourc…
flo-02-mu Jan 12, 2021
937847a
Update azurerm/internal/services/apimanagement/api_management_resourc…
flo-02-mu Jan 12, 2021
4a8635b
Remove non-existing property from documentation.
flo-02-mu Jan 12, 2021
841568f
Update website/docs/r/api_management.html.markdown
flo-02-mu Jan 12, 2021
668b0a1
azurerm_api_management: fix typo in test config
manicminer Jan 14, 2021
22e4937
Exclude all cipher options for consumption sku
flo-02-mu Jan 14, 2021
3cfe3db
azurerm_api_management: use Computed for deprecated attribute
manicminer Jan 18, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
167 changes: 157 additions & 10 deletions azurerm/internal/services/apimanagement/api_management_resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,23 @@ import (
)

var (
apimBackendProtocolSsl3 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30"
apimBackendProtocolTls10 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10"
apimBackendProtocolTls11 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11"
apimFrontendProtocolSsl3 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30"
apimFrontendProtocolTls10 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10"
apimFrontendProtocolTls11 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11"
apimTripleDesCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168"
apimHttp2Protocol = "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2"
apimBackendProtocolSsl3 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30"
apimBackendProtocolTls10 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10"
apimBackendProtocolTls11 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11"
apimFrontendProtocolSsl3 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30"
apimFrontendProtocolTls10 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10"
apimFrontendProtocolTls11 = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11"
apimTripleDesCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168"
apimHttp2Protocol = "Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2"
apimTlsEcdheEcdsaWithAes256CbcShaCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
apimTlsEcdheEcdsaWithAes128CbcShaCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
apimTlsEcdheRsaWithAes256CbcShaCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
apimTlsEcdheRsaWithAes128CbcShaCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
apimTlsRsaWithAes128GcmSha256Ciphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256"
apimTlsRsaWithAes256CbcSha256Ciphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256"
apimTlsRsaWithAes128CbcSha256Ciphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256"
apimTlsRsaWithAes256CbcShaCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA"
apimTlsRsaWithAes128CbcShaCiphers = "Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA"
)

func resourceApiManagementService() *schema.Resource {
Expand Down Expand Up @@ -284,7 +293,63 @@ func resourceApiManagementService() *schema.Resource {
Default: false,
},

// TODO: Remove in v3.0
"enable_triple_des_ciphers": {
Copy link
Contributor

@manicminer manicminer Nov 23, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@flo-02-mu You can maintain compatibility by keeping the existing property, adding the Deprecated field, and checking for both in the expandApiManagementCustomProperties() function (preferring the new one).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added. Not sure if the d.GetOk(...) works for the nested block as expected though.

Type: schema.TypeBool,
Optional: true,
Computed: true,
ConflictsWith: []string{"security.0.triple_des_ciphers_enabled"},
Deprecated: "this has been renamed to the boolean attribute `triple_des_ciphers_enabled`.",
},

"triple_des_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Computed: true, // TODO: v3.0 remove Computed and set Default: false
ConflictsWith: []string{"security.0.enable_triple_des_ciphers"},
},

"tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_rsa_with_aes128_gcm_sha256_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_rsa_with_aes256_cbc_sha256_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_rsa_with_aes128_cbc_sha256_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_rsa_with_aes256_cbc_sha_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
},
"tls_rsa_with_aes128_cbc_sha_ciphers_enabled": {
Type: schema.TypeBool,
Optional: true,
Default: false,
Expand Down Expand Up @@ -1169,6 +1234,15 @@ func expandApiManagementCustomProperties(d *schema.ResourceData, skuIsConsumptio
frontendProtocolTls10 := false
frontendProtocolTls11 := false
tripleDesCiphers := false
tlsEcdheEcdsaWithAes256CbcShaCiphers := false
tlsEcdheEcdsaWithAes128CbcShaCiphers := false
tlsEcdheRsaWithAes256CbcShaCiphers := false
tlsEcdheRsaWithAes128CbcShaCiphers := false
tlsRsaWithAes128GcmSha256Ciphers := false
tlsRsaWithAes256CbcSha256Ciphers := false
tlsRsaWithAes128CbcSha256Ciphers := false
tlsRsaWithAes256CbcShaCiphers := false
tlsRsaWithAes128CbcShaCiphers := false

if vs := d.Get("security").([]interface{}); len(vs) > 0 {
v := vs[0].(map[string]interface{})
Expand All @@ -1178,14 +1252,68 @@ func expandApiManagementCustomProperties(d *schema.ResourceData, skuIsConsumptio
frontendProtocolSsl3 = v["enable_frontend_ssl30"].(bool)
frontendProtocolTls10 = v["enable_frontend_tls10"].(bool)
frontendProtocolTls11 = v["enable_frontend_tls11"].(bool)
tripleDesCiphers = v["enable_triple_des_ciphers"].(bool)

// TODO: Remove and simplify after deprecation
if v, exists := v["enable_triple_des_ciphers"]; exists {
tripleDesCiphers = v.(bool)
}
if v, exists := v["triple_des_ciphers_enabled"]; exists {
tripleDesCiphers = v.(bool)
}

tlsEcdheEcdsaWithAes256CbcShaCiphers = v["tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled"].(bool)
tlsEcdheEcdsaWithAes128CbcShaCiphers = v["tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled"].(bool)
tlsEcdheRsaWithAes256CbcShaCiphers = v["tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled"].(bool)
tlsEcdheRsaWithAes128CbcShaCiphers = v["tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled"].(bool)
tlsRsaWithAes128GcmSha256Ciphers = v["tls_rsa_with_aes128_gcm_sha256_ciphers_enabled"].(bool)
tlsRsaWithAes256CbcSha256Ciphers = v["tls_rsa_with_aes256_cbc_sha256_ciphers_enabled"].(bool)
tlsRsaWithAes128CbcSha256Ciphers = v["tls_rsa_with_aes128_cbc_sha256_ciphers_enabled"].(bool)
tlsRsaWithAes256CbcShaCiphers = v["tls_rsa_with_aes256_cbc_sha_ciphers_enabled"].(bool)
tlsRsaWithAes128CbcShaCiphers = v["tls_rsa_with_aes128_cbc_sha_ciphers_enabled"].(bool)

if skuIsConsumption && frontendProtocolSsl3 {
return nil, fmt.Errorf("`enable_frontend_ssl30` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tripleDesCiphers {
return nil, fmt.Errorf("`enable_triple_des_ciphers` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsEcdheEcdsaWithAes256CbcShaCiphers {
return nil, fmt.Errorf("`tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsEcdheEcdsaWithAes128CbcShaCiphers {
return nil, fmt.Errorf("`tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsEcdheRsaWithAes256CbcShaCiphers {
return nil, fmt.Errorf("`tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsEcdheRsaWithAes128CbcShaCiphers {
return nil, fmt.Errorf("`tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsRsaWithAes128GcmSha256Ciphers {
return nil, fmt.Errorf("`tls_rsa_with_aes128_gcm_sha256_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsRsaWithAes256CbcSha256Ciphers {
return nil, fmt.Errorf("`tls_rsa_with_aes256_cbc_sha256_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsRsaWithAes128CbcSha256Ciphers {
return nil, fmt.Errorf("`tls_rsa_with_aes128_cbc_sha256_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsRsaWithAes256CbcShaCiphers {
return nil, fmt.Errorf("`tls_rsa_with_aes256_cbc_sha_ciphers_enabled` is not support for Sku Tier `Consumption`")
}

if skuIsConsumption && tlsRsaWithAes128CbcShaCiphers {
return nil, fmt.Errorf("`tls_rsa_with_aes128_cbc_sha_ciphers_enabled` is not support for Sku Tier `Consumption`")
}
}

customProperties := map[string]*string{
Expand All @@ -1199,6 +1327,15 @@ func expandApiManagementCustomProperties(d *schema.ResourceData, skuIsConsumptio
if !skuIsConsumption {
customProperties[apimFrontendProtocolSsl3] = utils.String(strconv.FormatBool(frontendProtocolSsl3))
customProperties[apimTripleDesCiphers] = utils.String(strconv.FormatBool(tripleDesCiphers))
customProperties[apimTlsEcdheEcdsaWithAes256CbcShaCiphers] = utils.String(strconv.FormatBool(tlsEcdheEcdsaWithAes256CbcShaCiphers))
customProperties[apimTlsEcdheEcdsaWithAes128CbcShaCiphers] = utils.String(strconv.FormatBool(tlsEcdheEcdsaWithAes128CbcShaCiphers))
customProperties[apimTlsEcdheRsaWithAes256CbcShaCiphers] = utils.String(strconv.FormatBool(tlsEcdheRsaWithAes256CbcShaCiphers))
customProperties[apimTlsEcdheRsaWithAes128CbcShaCiphers] = utils.String(strconv.FormatBool(tlsEcdheRsaWithAes128CbcShaCiphers))
customProperties[apimTlsRsaWithAes128GcmSha256Ciphers] = utils.String(strconv.FormatBool(tlsRsaWithAes128GcmSha256Ciphers))
customProperties[apimTlsRsaWithAes256CbcSha256Ciphers] = utils.String(strconv.FormatBool(tlsRsaWithAes256CbcSha256Ciphers))
customProperties[apimTlsRsaWithAes128CbcSha256Ciphers] = utils.String(strconv.FormatBool(tlsRsaWithAes128CbcSha256Ciphers))
customProperties[apimTlsRsaWithAes256CbcShaCiphers] = utils.String(strconv.FormatBool(tlsRsaWithAes256CbcShaCiphers))
customProperties[apimTlsRsaWithAes128CbcShaCiphers] = utils.String(strconv.FormatBool(tlsRsaWithAes128CbcShaCiphers))
}

if vp := d.Get("protocols").([]interface{}); len(vp) > 0 {
Expand Down Expand Up @@ -1235,7 +1372,17 @@ func flattenApiManagementSecurityCustomProperties(input map[string]*string, skuI

if !skuIsConsumption {
output["enable_frontend_ssl30"] = parseApiManagementNilableDictionary(input, apimFrontendProtocolSsl3)
output["enable_triple_des_ciphers"] = parseApiManagementNilableDictionary(input, apimTripleDesCiphers)
output["triple_des_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTripleDesCiphers)
output["enable_triple_des_ciphers"] = output["triple_des_ciphers_enabled"] // TODO: remove in v3.0
output["tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsEcdheEcdsaWithAes256CbcShaCiphers)
output["tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsEcdheEcdsaWithAes128CbcShaCiphers)
output["tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsEcdheRsaWithAes256CbcShaCiphers)
output["tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsEcdheRsaWithAes128CbcShaCiphers)
output["tls_rsa_with_aes128_gcm_sha256_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsRsaWithAes128GcmSha256Ciphers)
output["tls_rsa_with_aes256_cbc_sha256_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsRsaWithAes256CbcSha256Ciphers)
output["tls_rsa_with_aes128_cbc_sha256_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsRsaWithAes128CbcSha256Ciphers)
output["tls_rsa_with_aes256_cbc_sha_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsRsaWithAes256CbcShaCiphers)
output["tls_rsa_with_aes128_cbc_sha_ciphers_enabled"] = parseApiManagementNilableDictionary(input, apimTlsRsaWithAes128CbcShaCiphers)
}

return []interface{}{output}
Expand Down
27 changes: 18 additions & 9 deletions azurerm/internal/services/apimanagement/api_management_resource_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -648,8 +648,8 @@ resource "azurerm_api_management" "test" {
sku_name = "Developer_1"

security {
enable_frontend_tls10 = true
enable_triple_des_ciphers = true
enable_frontend_tls10 = true
triple_des_ciphers_enabled = true
}
}
`, data.RandomInteger, data.Locations.Secondary, data.RandomInteger)
Expand Down Expand Up @@ -744,13 +744,22 @@ resource "azurerm_api_management" "test" {
}

security {
enable_backend_tls11 = true
enable_backend_ssl30 = true
enable_backend_tls10 = true
enable_frontend_ssl30 = true
enable_frontend_tls10 = true
enable_frontend_tls11 = true
enable_triple_des_ciphers = true
enable_backend_tls11 = true
enable_backend_ssl30 = true
enable_backend_tls10 = true
enable_frontend_ssl30 = true
enable_frontend_tls10 = true
enable_frontend_tls11 = true
tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled = true
tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled = true
tls_ecdhe_rsa_with_aes128_cbc_sha_ciphers_enabled = true
tls_ecdhe_rsa_with_aes256_cbc_sha_ciphers_enabled = true
tls_rsa_with_aes128_cbc_sha256_ciphers_enabled = true
tls_rsa_with_aes128_cbc_sha_ciphers_enabled = true
tls_rsa_with_aes128_gcm_sha256_ciphers_enabled = true
tls_rsa_with_aes256_cbc_sha256_ciphers_enabled = true
tls_rsa_with_aes256_cbc_sha_ciphers_enabled = true
triple_des_ciphers_enabled = true
}

hostname_configuration {
Expand Down
44 changes: 40 additions & 4 deletions website/docs/r/api_management.html.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -215,8 +215,48 @@ A `security` block supports the following:

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11` field

* `tls_ecdhe_ecdsa_with_aes128_cbc_sha_ciphers_enabled` - (Optional) Should the `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` field

* `tls_ecdhe_ecdsa_with_aes256_cbc_sha_ciphers_enabled` - (Optional) Should the `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` field

* `tls_ecdheRsa_with_aes128_cbc_sha_ciphers_enabled` - (Optional) Should the `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` field

* `tls_ecdheRsa_with_aes256_cbc_sha_ciphers_enabled` - (Optional) Should the `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` field

* `tls_rsa_with_aes128_cbc_sha256_ciphers_enabled` - (Optional) Should the `TLS_RSA_WITH_AES_128_CBC_SHA256` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA256` field

* `tls_rsa_with_aes128_cbc_sha_ciphers_enabled` - (Optional) Should the `TLS_RSA_WITH_AES_128_CBC_SHA` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_CBC_SHA` field

* `tls_rsa_with_aes128_gcm_sha256_ciphers_enabled` - (Optional) Should the `TLS_RSA_WITH_AES_128_GCM_SHA256` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_128_GCM_SHA256` field

* `tls_rsa_with_aes256_cbc_sha256_ciphers_enabled` - (Optional) Should the `TLS_RSA_WITH_AES_256_CBC_SHA256` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA256` field

* `tls_rsa_with_aes256_cbc_sha_ciphers_enabled` - (Optional) Should the `TLS_RSA_WITH_AES_256_CBC_SHA` cipher be enabled? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TLS_RSA_WITH_AES_256_CBC_SHA` field

* `enable_triple_des_ciphers` - (Optional) Should the `TLS_RSA_WITH_3DES_EDE_CBC_SHA` cipher be enabled for alL TLS versions (1.0, 1.1 and 1.2)? Defaults to `false`.

-> **Note:** This property has been deprecated in favour of the `triple_des_ciphers_enabled` property and will be removed in version 3.0 of the provider.

* `triple_des_ciphers_enabled` - (Optional) Should the `TLS_RSA_WITH_3DES_EDE_CBC_SHA` cipher be enabled for alL TLS versions (1.0, 1.1 and 1.2)? Defaults to `false`.

-> **info:** This maps to the `Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168` field

* `disable_backend_ssl30` - (Optional) Should SSL 3.0 be disabled on the backend of the gateway? This property was mistakenly inverted and `true` actually enables it. Defaults to `false`.
Expand All @@ -243,10 +283,6 @@ A `security` block supports the following:

-> **Note:** This property has been deprecated in favour of the `enable_frontend_tls11` property and will be removed in version 2.0 of the provider.

* `disable_triple_des_ciphers` - (Optional) Should the `TLS_RSA_WITH_3DES_EDE_CBC_SHA` cipher be disabled for alL TLS versions (1.0, 1.1 and 1.2)? This property was mistakenly inverted and `true` actually enables it. Defaults to `false`.

-> **Note:** This property has been deprecated in favour of the `enable_triple_des_ciphers` property and will be removed in version 2.0 of the provider.

---

A `sign_in` block supports the following:
Expand Down