On 2026-03-09 Simon McVittie <[email protected]> wrote: > Package: libgnutls30t64 > Version: 3.8.5-1 > Severity: important > Tags: trixie upstream fixed-upstream > Forwarded: https://gitlab.com/gnutls/gnutls/-/work_items/1660 > Control: found -1 3.8.9-3+deb13u2 > Control: fixed -1 3.8.12-2 > User: [email protected] > Usertags: origin-steamrt steamrt4
> A regression in GnuTLS 3.8.5, which started shuffling the extensions > order, causes an interoperability issue leading to handshake failures > with some SSL/TLS servers. I'm reporting this at important severity since > it's an interop regression affecting an unknown number of remote services. > From the linked regression report > https://github.com/luakit/luakit/issues/1101, > it seems that at the time of writing, search.dismail.de is a good test-case, > for example: [...] > This appears to have been fixed by > https://gitlab.com/gnutls/gnutls/-/merge_requests/1930 > after the 3.8.9 release, commit > <https://gitlab.com/gnutls/gnutls/-/commit/dc5ee80c3a28577e9de0f82fb08164e4c02b96af>, > but unfortunately that commit didn't make it into Debian 13. Please > could this change be backported? Sure I can do that. Thanks for the excellent report! (MR just popped in my inbox, too.) > (I haven't yet verified that this change > resolves the issue, I'll look into that next.) It does resolve connecting to search.dismail.de. cu Andreas -- "You people are noisy," Nia said. I made the gesture of agreement.
