Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 Config utility-Host is Vulnerable to Extended Master Secret TLS Extension

ragunath154
Cirrus
Cirrus

‎05-Oct-2020 22:53

Hi

Qualys scan reports Host is Vulnerable to Extended Master Secret TLS Extension

the scan is done for the BIGIP configuration utility ie management ip. NOT of any VIP.

 

i didnt find any workaround to mitigate this on the configuration utility ssl .

Labels:
0 Kudos
3 REPLIES 3

Lidev
MVP
MVP

‎06-Oct-2020 00:40

Hello ragunath154,

 

You can find your solution on this article: https://support.f5.com/csp/article/K66202244

 

Regards

0 Kudos

ragunath154
Cirrus
Cirrus
In response to Lidev

‎06-Oct-2020 05:18

Hi Lidev

thanks for the link,

i think that workaround is for the client ssl profile which attached to any virtual server.

 

i my case the scanning is done on the bigip configuration utility with device certificate.

0 Kudos

Lidev
MVP
MVP
In response to ragunath154

‎06-Oct-2020 06:19

sorry you're right, it doesn't fit your problem.

Maybe try to limit SSL protocols and ciphers allowed by Configuration utility ?

https://support.f5.com/csp/article/K02321234

 

0 Kudos
Copyright © 2023 Khoros, LLC