Terraform-provider-aws: aws_alb_listener does not remove ssl_policy when changing to HTTP

Created on 10 Oct 2017  ·  5 Comments  ·  Source: hashicorp/terraform-provider-aws

Terraform Version

Terraform v0.10.7

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_alb_listener

Relevant config

resource "aws_alb_listener" "internal_email_ext_listener" {
  load_balancer_arn = "${module.asg_alb.internal_alb_arn}"
  port              = "55000"
  protocol          = "HTTP"
  # protocol          = "HTTPS"
  # ssl_policy        = "ELBSecurityPolicy-2016-08"
  # certificate_arn   = "${data.aws_acm_certificate.ssl_cert.arn}"

  default_action {
    target_group_arn = "${aws_alb_target_group.internal_mail_ext.arn}"
    type             = "forward"
  }
}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. create an HTTPS ALB Listener
  2. change the listener protocol to HTTP, removing the certificate and ssl_policy attributes too
  3. terraform apply

Error applying plan:

1 error(s) occurred:

* aws_alb_listener.internal_email_ext_listener: 1 error(s) occurred:

* aws_alb_listener.internal_email_ext_listener: Error modifying ALB Listener: ValidationError: A SSL policy cannot be specifed for an HTTP listener
    status code: 400, request id: fe12ea1c-adce-11e7-88fb-fd772fe849a9

The plan shows only the certificate being removed and the protocol being updated:

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ aws_alb_listener.internal_email_ext_listener
      certificate_arn: "arn:aws:acm:us-west-2:AWS_ACCOUNT_ID:certificate/SSLCERT_ID" => ""
      protocol:        "HTTPS" => "HTTP"


Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------
Labels: bug, servicelbv2

All 5 comments

I also encountered this bug when using the aws_lb_listener resource. Only solution was to delete the listener (and all aws_lb_listener_rules that were connected with this listener) and to create everything anew. Not a big problem but not really convenient.

Still experiencing this issue with same setup as OP. Terraform v0.11.10

Remains a bug in v0.12.18

Remains a bug in v0.12.24 with provider aws v2.62.0

The same issue affects Network Load Balancers when changing from TLS to TCP. Again, manually deleting the listener and applying again fixes it, but I now have to do this across many environments, so not ideal.
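As an added illustration of the behaviour reported in the reproduction steps above and in the Network Load Balancer comment (this is example code written for this page, not provider code and not from anyone in the thread): a small Go model of how the ModifyListener update is assembled from state and config. It assumes, consistent with the plan output showing no ssl_policy change and the API error saying a policy was specified, that ssl_policy is a computed attribute that resolves to the value already in state once it is removed from config. The names Listener, ModifyRequest, BuildNaive, BuildSafe, Validate and RemovesTLS are chosen here; Validate is a local stand-in for the server-side check, not AWS code, and the field names on ModifyRequest only mirror the real API parameters.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Listener holds the aws_alb_listener / aws_lb_listener attributes that matter in
// this issue. Field names follow the Terraform attribute names of the reported config.
type Listener struct {
	Protocol       string // "HTTP" or "HTTPS" on an ALB, "TCP" or "TLS" on an NLB
	SSLPolicy      string // ssl_policy; "" means unset
	CertificateARN string // certificate_arn; "" means unset
}

// ModifyRequest models the subset of the ELBv2 ModifyListener input used here.
// Field names mirror the real API parameters; nil / empty means "parameter not sent".
type ModifyRequest struct {
	Protocol     *string
	SslPolicy    *string
	Certificates []string
}

// IsTLS reports whether a listener protocol terminates TLS and may therefore carry
// ssl_policy and certificate_arn.
func IsTLS(protocol string) bool {
	switch strings.ToUpper(protocol) {
	case "HTTPS", "TLS":
		return true
	}
	return false
}

// effective models how an Optional+Computed attribute resolves: the configured value
// when present, otherwise whatever is already in state. That ssl_policy resolves this
// way is an assumption made for this example (see lead-in).
func effective(configured, state string) string {
	if configured != "" {
		return configured
	}
	return state
}

// addTLSParams fills ssl_policy through effective() and certificate_arn straight from
// config, so a removed certificate disappears (as the plan shows) while a removed
// ssl_policy silently keeps its state value.
func addTLSParams(req *ModifyRequest, state, config Listener) {
	if p := effective(config.SSLPolicy, state.SSLPolicy); p != "" {
		req.SslPolicy = strPtr(p)
	}
	if config.CertificateARN != "" {
		req.Certificates = []string{config.CertificateARN}
	}
}

// BuildNaive assembles the update the way the reported behaviour suggests: the stale
// ssl_policy rides along even when the protocol flips to HTTP or TCP.
func BuildNaive(state, config Listener) ModifyRequest {
	req := ModifyRequest{Protocol: strPtr(config.Protocol)}
	addTLSParams(&req, state, config)
	return req
}

// BuildSafe enforces the invariant the API checks: when the target protocol is not
// TLS-based, send neither an SSL policy nor certificates, whatever is in state.
func BuildSafe(state, config Listener) ModifyRequest {
	req := ModifyRequest{Protocol: strPtr(config.Protocol)}
	if IsTLS(config.Protocol) {
		addTLSParams(&req, state, config)
	}
	return req
}

// Validate is a local stand-in for the server-side rule quoted in the issue (a
// non-TLS listener cannot carry an SSL policy); it is not AWS code.
func Validate(req ModifyRequest) error {
	if req.Protocol == nil || IsTLS(*req.Protocol) {
		return nil
	}
	if req.SslPolicy != nil {
		return errors.New("ValidationError: an SSL policy cannot be specified for a non-TLS listener")
	}
	if len(req.Certificates) > 0 {
		return errors.New("ValidationError: certificates cannot be specified for a non-TLS listener")
	}
	return nil
}

// RemovesTLS flags a change that turns a TLS-terminating listener into a plaintext
// one (HTTPS->HTTP, TLS->TCP); worth surfacing in plan review before apply.
func RemovesTLS(state, config Listener) bool {
	return IsTLS(state.Protocol) && !IsTLS(config.Protocol)
}

func strPtr(s string) *string { return &s }

func main() {
	// Constructed sample mirroring the issue: state is the old HTTPS listener, config
	// is the new HTTP one with ssl_policy and certificate_arn dropped.
	state := Listener{Protocol: "HTTPS", SSLPolicy: "ELBSecurityPolicy-2016-08",
		CertificateARN: "arn:aws:acm:us-west-2:AWS_ACCOUNT_ID:certificate/SSLCERT_ID"}
	config := Listener{Protocol: "HTTP"}
	fmt.Println("removes TLS:", RemovesTLS(state, config))
	fmt.Println("naive request:", Validate(BuildNaive(state, config)))
	fmt.Println("safe request: ", Validate(BuildSafe(state, config)))
}
```

Running it with the sample above reports that the change removes TLS, that the naive request is rejected for carrying the stale policy, and that the safe request passes. RemovesTLS is the pre-apply check worth keeping regardless of the provider bug: a listener moving from HTTPS to HTTP (or TLS to TCP) exposes plaintext traffic on that port and deserves an explicit review step rather than a silent in-place update.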
