Qualys scan reports Host is Vulnerable to Extended Master Secret TLS Extension
the scan is done for the BIGIP configuration utility ie management ip. NOT of any VIP.
i didnt find any workaround to mitigate this on the configuration utility ssl .
You can find your solution on this article: https://support.f5.com/csp/article/K66202244
thanks for the link,
i think that workaround is for the client ssl profile which attached to any virtual server.
i my case the scanning is done on the bigip configuration utility with device certificate.
sorry you're right, it doesn't fit your problem.
Maybe try to limit SSL protocols and ciphers allowed by Configuration utility ?