F5 Config utility-Host is Vulnerable to Extended Master Secret TLS Extension

Question

HiQualys scan reports Host is Vulnerable to Extended Master Secret TLS Extensionthe scan is done for the BIGIP configuration utility ie management ip.  NOT of any VIP.&nbsp;i didnt find any workaround to mitigate this on the configuration utility ssl .

lidev · Answer

Hello ragunath154,&nbsp;You can find your solution on this article: https://support.f5.com/csp/article/K66202244&nbsp;Regards

ragunath154 · Answer

Hi Lidevthanks for the link,i think that workaround is for the client ssl profile which attached to any virtual server.&nbsp;i my case the scanning is done on  the bigip configuration utility with device certificate.

lidev · Answer

sorry you're right, it doesn't fit your problem.Maybe try to limit SSL protocols and ciphers allowed by Configuration utility ?https://support.f5.com/csp/article/K02321234&nbsp;

Forum Discussion

F5 Config utility-Host is Vulnerable to Extended Master Secret TLS Extension

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

SSL Orchestrator Service Extensions: User Coaching

F5 CIS, TLS Extensions, and troubleshooting

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

Using VPC Endpoints with Cloud Failover Extension

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS