diff -Nru iperf3-3.18/debian/changelog iperf3-3.18/debian/changelog
--- iperf3-3.18/debian/changelog	2025-08-31 00:59:40.000000000 +0200
+++ iperf3-3.18/debian/changelog	2025-11-17 20:51:16.000000000 +0100
@@ -1,3 +1,9 @@
+iperf3 (3.18-2+deb13u2) trixie; urgency=medium
+
+  * Fix FTBS in trixie with openssl >= 3.5.3 (Closes: #1120866)
+
+ -- Roberto Lumbreras <rover@debian.org>  Mon, 17 Nov 2025 20:51:16 +0100
+
 iperf3 (3.18-2+deb13u1) trixie; urgency=high
 
   * Fix no-dsa security issues:
diff -Nru iperf3-3.18/debian/patches/03-openssl.patch iperf3-3.18/debian/patches/03-openssl.patch
--- iperf3-3.18/debian/patches/03-openssl.patch	1970-01-01 01:00:00.000000000 +0100
+++ iperf3-3.18/debian/patches/03-openssl.patch	2025-11-17 20:51:16.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Resolve issue with openssl 3.5.3 encrypt #1956
+ Set output buffer size prior to encrypt operation
+ When calling EVP_PKEY_encrypt with a non-null output buffer,
+ the output buffer length must be provided. Attempts to write
+ beyond this length will fail.
+Author: Michael Lowman (GitHub)
+Forwarded: yes
+Index: iperf3-3.18/src/iperf_auth.c
+===================================================================
+--- iperf3-3.18.orig/src/iperf_auth.c	2025-11-17 20:53:32.586242819 +0100
++++ iperf3-3.18/src/iperf_auth.c	2025-11-17 20:53:32.586242819 +0100
+@@ -252,6 +252,7 @@
+ #endif
+     rsa_buffer  = OPENSSL_malloc(keysize * 2);
+     *encryptedtext = (unsigned char*)OPENSSL_malloc(keysize);
++    encryptedtext_len = keysize;
+ 
+     BIO *bioBuff   = BIO_new_mem_buf((void*)plaintext, (int)strlen(plaintext));
+     rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
diff -Nru iperf3-3.18/debian/patches/series iperf3-3.18/debian/patches/series
--- iperf3-3.18/debian/patches/series	2025-08-04 23:53:41.000000000 +0200
+++ iperf3-3.18/debian/patches/series	2025-11-17 20:51:16.000000000 +0100
@@ -2,3 +2,4 @@
 02-gcc15.patch
 CVE-2025-54349.patch
 CVE-2025-54350.patch
+03-openssl.patch