Package: gnutls28
Version: 3.3.8-6+deb8u2

gnutls sends ocsp certificate status even if the client didn't request that. 
This leads to TLS connections to OCSP enabled exim versions to

either 

1) fail completely (like for gmail trying to deliver mail to exim)

or 

2) the other side fall back to unencrypted smtp connections

Given that, I consider this a serious bug that should be fixed in Jessie.


the patch 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch that
was in the 3.3.16 sid gnutls package should be applied to the Jessie version
also.

Reply via email to