While trying to get my SSL server NIST compliant, I stumbled upon section 3.4.1 - Mandatory TLS Extensions, and there is only one option I cannot find where to configure on my end: Extended Master Secret. This extension is documented in RFC 7627. Most modern browsers support this by default.
While checking on the Internet, it seems CAs do enable this; all my searches of certificates issued by LE returned “Extended master secret: no”, which matches my own experience.
I haven’t found anything on either Apache HTTP or OpenSSL documentation/mailing lists though.
Is this a feature disabled by design on the Let’s Encrypt backend? Is there any way I can manually turn this on from a CSR?
It’s not a characteristic of the certificate. It’s a characteristic of how the TLS server is configured and applies to individual TLS sessions based on how they are negotiated.
Try connecting to this forum (with TLS 1.2), which uses a Let’s Encrypt certificate.
Notably, it doesn’t seem to be supported/enabled by TLS 1.3 servers for TLS 1.3 sessions - that might be why you’re not seeing it. (By my reading, it seems to be superseded by the TLS 1.3 Transcript Hash, but it’s probably best for an actual expert to chime in on that matter).
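To make the answer concrete: an added example (not code from the thread or from Let’s Encrypt) that parses a TLS ServerHello handshake message and reports whether Extended Master Secret (extension type 0x0017, RFC 7627) was negotiated for that session. A TLS 1.3 ServerHello announces its real version in the supported_versions extension (0x002B) and never uses EMS, which is why a 1.3 session shows “no”. The ServerHello samples are constructed inline, not captured from any real server.

```python
"""Inspect a TLS ServerHello for the Extended Master Secret extension (RFC 7627)."""
import struct

EXT_EXTENDED_MASTER_SECRET = 0x0017   # empty extension, echoed by the server if in use
EXT_SUPPORTED_VERSIONS = 0x002B       # TLS 1.3 carries the negotiated version here


def parse_server_hello(msg: bytes) -> dict:
    """Parse a ServerHello handshake message (record-layer header already stripped)."""
    if msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ServerHello")
    version = struct.unpack(">H", body[:2])[0]
    pos = 2 + 32                                     # legacy_version + random
    sid_len = body[pos]
    pos += 1 + sid_len                               # session_id
    cipher = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 3                                         # cipher_suite + compression_method
    exts = {}
    if pos < len(body):                              # extensions block is optional in 1.2
        ext_len = struct.unpack(">H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack(">HH", body[pos:pos + 4])
            pos += 4
            exts[etype] = body[pos:pos + elen]
            pos += elen
    if EXT_SUPPORTED_VERSIONS in exts:               # TLS 1.3: legacy_version stays 0x0303
        version = struct.unpack(">H", exts[EXT_SUPPORTED_VERSIONS][:2])[0]
    # EMS is a TLS <= 1.2 mechanism; TLS 1.3 binds the transcript hash into its key schedule
    ems = version <= 0x0303 and EXT_EXTENDED_MASTER_SECRET in exts
    return {"version": version, "cipher_suite": cipher, "ems": ems}


def build_server_hello(legacy_version: int, cipher: int, extensions) -> bytes:
    """Constructed sample ServerHello (zero random, empty session id) for offline checks."""
    ext_bytes = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack(">H", legacy_version) + bytes(32) + b"\x00"
            + struct.pack(">H", cipher) + b"\x00"
            + struct.pack(">H", len(ext_bytes)) + ext_bytes)
    return b"\x02" + len(body).to_bytes(3, "big") + body


# Constructed samples, not captured from any server
TLS12_EMS = build_server_hello(0x0303, 0xC02F, [(EXT_EXTENDED_MASTER_SECRET, b"")])
TLS12_NO_EMS = build_server_hello(0x0303, 0xC02F, [])
TLS13 = build_server_hello(0x0303, 0x1301, [(EXT_SUPPORTED_VERSIONS, b"\x03\x04")])
```

Feed it the ServerHello bytes from a packet capture of your own server (for a TLS 1.2 handshake) to confirm whether `ems` comes back true; the certificate itself plays no part in the result.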