cancel
Showing results for 
Search instead for 
Did you mean: 

F5 Config utility-Host is Vulnerable to Extended Master Secret TLS Extension

ragunath154
Cirrus
Cirrus

Hi

Qualys scan reports Host is Vulnerable to Extended Master Secret TLS Extension

the scan is done for the BIGIP configuration utility ie management ip. NOT of any VIP.

 

i didnt find any workaround to mitigate this on the configuration utility ssl .

3 REPLIES 3

Lidev
MVP
MVP

Hello ragunath154,

 

You can find your solution on this article: https://support.f5.com/csp/article/K66202244

 

Regards

Hi Lidev

thanks for the link,

i think that workaround is for the client ssl profile which attached to any virtual server.

 

i my case the scanning is done on the bigip configuration utility with device certificate.

sorry you're right, it doesn't fit your problem.

Maybe try to limit SSL protocols and ciphers allowed by Configuration utility ?

https://support.f5.com/csp/article/K02321234