Description
Terraform Core Version
1.10.4
citrixadc Provider Version
1.43.0
Operating system
Linux
Affected Resource(s)
The new 1.43.0 version of the citrixadc provider fails to connect to a vpx created using the provision_vpx resource from the netscalersdx provider. The problem is that the new citrixadc provider version only offers ECDHE ciphers in the TLS client hello message, while the vpx only accepts RSA ciphers until the citrixadc_sslparameter resource has been used to set "defaultprofile" to "ENABLED". This must be done with an older version of the provider (tested with 1.41.0), since the new version cannot connect to the vpx until this change has been made. And no, I don't know where in the GUI this setting is found.
Attempts to set the defaultprofile back to its default "DISABLED" value fail with the error message "Disabling ssl default profile is not allowed" from the vpx, which to me indicates that the real bug is the default value for this setting in the vpx. But changing the default value will only fix the problem for new vpx releases, so a provider option to offer older cipher suites is required for older vpx versions. I assume it is the upgrade of the Go version from 1.19.0 to 1.23.0 which caused the change in the offered TLS ciphers, but I have no idea as to how Go can be configured to also offer RSA ciphers.
This has been tested with the VPX versions 1.13-57.26 and 1.14-43.50, the most recent versions of these series as of today.
Equivalent NetScaler CLI Command
N/A
Expected Behavior
TLS handshake accepted by the vpx
Actual Behavior
TLS handshake aborted by the vpx
Relevant Error/Panic Output Snippet
│ Error: [ERROR] nitro-go: Failed to create resource of type XXX, name=3902, err=Post "https://vpx.example.org/nitro/v1/config/XXX": remote error: tls: handshake failure
Terraform Configuration Files
N/A
Steps to Reproduce
Use the module with a newly created and unconfigured vpx
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
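Added example (not part of the original report and not the provider's code): since Go 1.22, crypto/tls offers RSA key-exchange suites only when they are listed explicitly in `tls.Config.CipherSuites` or when `GODEBUG=tlsrsakex=1` is set. The sketch below reproduces the handshake against a constructed local server that stands in for the unconfigured vpx; `rsaKex`, `legacySuites` and `negotiate` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// rsaKex: RSA key-exchange suites that Go 1.22+ no longer offers by default.
var rsaKex = []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_RSA_WITH_AES_256_GCM_SHA384}

// legacySuites keeps ECDHE and adds rsaKex (no forward secrecy) for old appliances.
var legacySuites = append([]uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, rsaKex...)

// negotiate handshakes with a constructed local server that, like the vpx in the
// report, accepts only RSA key exchange; it returns the negotiated suite ID.
func negotiate(clientSuites []uint16) (uint16, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return 0, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, err
	}
	srv := &tls.Config{MaxVersion: tls.VersionTLS12, CipherSuites: rsaKex,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	c, s := net.Pipe()
	defer c.Close()
	go func() { defer s.Close(); tls.Server(s, srv).Handshake() }()
	// InsecureSkipVerify only because the constructed certificate is self-signed.
	cl := tls.Client(c, &tls.Config{CipherSuites: clientSuites, InsecureSkipVerify: true})
	if err := cl.Handshake(); err != nil {
		return 0, err
	}
	return cl.ConnectionState().CipherSuite, nil
}

func main() {
	_, err := negotiate(nil) // library defaults: fails where RSA key exchange is off
	id, err2 := negotiate(legacySuites)
	fmt.Println("defaults:", err, "| explicit:", tls.CipherSuiteName(id), err2)
}
```

The result for the default client depends on the Go toolchain and on the `go` version declared in `go.mod`, which selects the default for `tlsrsakex`; the explicit list behaves the same either way.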