Package: gnutls28 Version: 3.3.8-6+deb8u2
gnutls sends ocsp certificate status even if the client didn't request that. This leads to TLS connections to OCSP enabled exim versions to either 1) fail completely (like for gmail trying to deliver mail to exim) or 2) the other side fall back to unencrypted smtp connections Given that, I consider this a serious bug that should be fixed in Jessie. the patch 45_As-server-don-t-try-to-send-extensions-we-didn-t-rec.patch that was in the 3.3.16 sid gnutls package should be applied to the Jessie version also.

