I can't speak for whether GnuTLS' historical interoperability issues are still a problem.
I think it is worth noting that OpenSSL 3.0 is available under the Apache License v2. As such it should now be compatible with GPL'd software excepting that which is GPLv2-only.

I would like to refer to the blog post "Cryptographic Right Answers" <https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html>, which makes the following recommendation regarding web site security (I am generalizing this to apply to TLS in general, yes):

  Use AWS ALB/ELB or OpenSSL, with LetsEncrypt

  [...]

  Otherwise, there was a dark period between 2010 and 2016 where OpenSSL might not have been the right answer, but that time has passed. OpenSSL has gotten better, and, more importantly, OpenSSL is on-the-ball with vulnerability disclosure and response.

  Using anything besides OpenSSL will drastically complicate your system for little, no, or even negative security benefit. So just keep it simple.

  [...]

  Avoid: offbeat TLS libraries like PolarSSL, GnuTLS, and MatrixSSL.

OpenSSL is also recommended by previous 'cryptographic right answers' posts from others over the years (Thomas Ptacek in 2015 and Colin Percival in 2009).

On the other hand, Latacora opens with:

  We’re less interested in empowering developers and a lot more pessimistic about the prospects of getting this stuff right.

Which does indicate bias towards secure and correct implementations over user freedom (after all, they recommend paying Amazon to do TLS termination for you rather than even trying to do it yourself with OpenSSL!)

In 2020, I think it's worth revisiting whether sticking with GnuTLS is the best choice for Debian's users. Perhaps OpenSSL's relicensing makes the political reason to stay with GnuTLS less important (I'll of course defer to the opinions of the maintainers here!)

Anyway, if the maintainers would reconsider switching to OpenSSL once 3.0 enters Debian then I'd like to help!

--
Sam Morris <https://robots.org.uk/>