Forum Discussion

Cirrostratus

Oct 06, 2020

F5 Config utility-Host is Vulnerable to Extended Master Secret TLS Extension

Hi Qualys scan reports Host is Vulnerable to Extended Master Secret TLS Extension the scan is done for the BIGIP configuration utility ie management ip. NOT of any VIP. i didnt find any work...

Cirrostratus

Oct 06, 2020

Hi Lidev

thanks for the link,

i think that workaround is for the client ssl profile which attached to any virtual server.

i my case the scanning is done on the bigip configuration utility with device certificate.

Lidev

Nacreous

Oct 06, 2020

sorry you're right, it doesn't fit your problem.

Maybe try to limit SSL protocols and ciphers allowed by Configuration utility ?

https://support.f5.com/csp/article/K02321234

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

F5 Config utility-Host is Vulnerable to Extended Master Secret TLS Extension

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Could not communicate with the system. Try to reload page.

Related Content

SSL Orchestrator Service Extensions: DoH Guardian

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Service Extensions with SSL Orchestrator: SaaS Tenant Isolation

SSL Orchestrator Service Extensions: User Coaching

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS