05-Oct-2020 22:53
Hi
A Qualys scan reports: Host is Vulnerable to Extended Master Secret TLS Extension.
The scan is done for the BIGIP Configuration utility, i.e. the management IP, NOT any VIP.
I didn't find any workaround to mitigate this on the Configuration utility SSL.
06-Oct-2020 00:40
Hello ragunath154,
You can find your solution in this article: https://support.f5.com/csp/article/K66202244
Regards
06-Oct-2020 05:18
Hi Lidev
Thanks for the link.
I think that workaround is for the client SSL profile which is attached to any virtual server.
In my case the scanning is done on the BIGIP Configuration utility with the device certificate.
06-Oct-2020 06:19
Sorry, you're right, it doesn't fit your problem.
Maybe try to limit the SSL protocols and ciphers allowed by the Configuration utility?
https://support.f5.com/csp/article/K02321234