This issue has been fixed in upstream version 0.10.0 (out just now). This is caused by recent GnuTLS versions (since 3.6.11 AFAIK) listing the peer's certificate type in the session description so they aren't identical on anonymous client and authenticated server, so backporting shouldn't be necessary.
- Bug#950301: mod-gnutls FTBFS: ERROR: Cipher suites mismatching... Adrian Bunk
- Bug#950301: Fixed upstream in 0.10.0 Fiona Klute
