As I pointed out in my last article, there are some detection tools that incorrectly detect OpenSSL 1.0.0 and the BIG-IP TLS stack as vulnerable to CVE-2014-0224.
The tools are simply sending a client hello and then immediately sending a change cipher spec message. They assume you are vulnerable if you do not reject the connection upon receipt of the early CCS message.
The tools detect OpenSSL 1.0.0 and earlier servers as vulnerable even though they are not. (To be fair, OpenSSL recommends updating older servers also.)
BIG-IP will also be detected as vulnerable even though it is not.
My team is working to create a better tool, but in the meantime, here is one way to differentiate a BIG-IP from an OpenSSL server.
OpenSSL 1.0.1 always advertises heartbeats. BIG-IP and OpenSSL earlier than 1.0.1 do not. You could add code to your tool similar to this: