Package: tf5
Version: 5.0beta8-7
Severity: important
Tags: upstream

Dear Maintainer,

As per a brief discussion with Russ Allbery, I am posting this bug report.

tf5 in testing/sid and also Debian buster, along with the GNUtls versions thereby provided, has some undesirable interaction/bug. Specifically, attempting a connection to a TLS1.3 enabled stunnel4 host fails.

When using tf5 and then

    /connect -x [host] [TLS port]

... the result is:

    % Connected to (unnamed1) using cipher ECDHE_RSA_AES_256_GCM_SHA384.
    % Connection to (unnamed1) closed by foreign host.

On the server side, it is possible to disable TLS1.3, and then things work fine with TLS1.2 connectivity. I have not specifically tested different cipher suites and so on, however.

Older versions of tf5+gnutls (e.g. all current Ubuntu-LTS, and Debian before buster) do not seem to have the issue, presumably because of lacking TLS1.3 support!

My suggestion is that it may make best sense for tf5 to (if possible) disable TLS1.3 usage until this is sorted out in gnutls-land, or indeed, openssl 2.0 reaches Debian and can just be used with tf5 instead!

It may also be appropriate to post a bug into GNUTLS once some further investigation is done?

With thanks,

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-72-generic (SMP w/2 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages tf5 depends on:
ii  libc6                2.29-6
ii  libgnutls-openssl27  3.6.11.1-2
ii  libpcre3             2:8.39-12+b1
ii  libtinfo6            6.1+20191019-1
ii  zlib1g               1:1.2.11.dfsg-1+b1

tf5 recommends no packages.

Versions of packages tf5 suggests:
pn  spell  <none>

-- no debconf information