Keep in mind that TMOS implements its own version of SSL, and you can see what ciphers are supported at https://my.f5.com/manage/s/article/K000136126. The OS implementation would generally only be used for the HTTPS GUI, so that is the only 'attack vector'. If you mitigate access to the HTTPS GUI to trusted networks, and dont expose it to the Internet, security dispensations are usually provided by audit/security teams.
That said, there is really no supported method of upgrading the OS version of OpenSSL without some 'hacking' and this may invalidate support. Generally, you want to upgrade the BIG-IP version of code and hence the underlying OpenSSL verison.