Date: Mon, 9 Mar 2026 12:42:35 +0000
From: Simon McVittie <smcv@collabora.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libgnutls30t64: extensions shuffling regression in 3.8.5 causes
 handshake failure with certain servers
Message-ID: <aa7AOwrDPEDY6t52@descent>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 13.2.0

Package: libgnutls30t64
Version: 3.8.5-1
Severity: important
Tags: trixie upstream fixed-upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/work_items/1660
Control: found -1 3.8.9-3+deb13u2
Control: fixed -1 3.8.12-2
User: linux@steampowered.com
Usertags: origin-steamrt steamrt4

A regression in GnuTLS 3.8.5, which started shuffling the extensions
order, causes an interoperability issue leading to handshake failures
with some SSL/TLS servers. I'm reporting this at important severity since
it's an interop regression affecting an unknown number of remote services.

From the linked regression report https://github.com/luakit/luakit/issues/1101,
it seems that at the time of writing, search.dismail.de is a good test-case,
for example:

    $ podman run --rm -it debian:trixie-slim
    # apt update && apt upgrade && apt install ca-certificates gnutls-bin
    # gnutls-cli search.dismail.de
    Processed 150 CA certificate(s).
    Resolving 'search.dismail.de:443'...
    Connecting to '128.140.68.142:443'...
    *** Fatal error: A TLS fatal alert has been received.
    *** Received alert [47]: Illegal parameter

(or use your favourite way to get a clean trixie environment, if not podman)

I've confirmed that 3.8.12-2 in forky and 3.7.9-2+deb12u6 in bookworm
are both unaffected by this: they successfully connect to that server,
with gnutls-cli output that includes "Handshake was completed". (Press
Ctrl+D to exit after seeing this.)
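To confirm from a capture whether a client is actually varying its extension order between connections (the behaviour this report blames for the alert), the ClientHello has to be decoded down to its extensions list. The following is an added example, not part of the bug report or of GnuTLS: it builds a constructed, minimal TLS 1.3 ClientHello record (hand-assembled, not captured) and parses the extension type codes back out in wire order, so two hellos can be compared with a plain list equality.

```python
import struct

def build_client_hello(ext_types):
    """Assemble a minimal ClientHello TLS record carrying the given extension
    types (each with an empty body) in the given order. Constructed test data,
    only meant to exercise the parser below."""
    exts = b"".join(struct.pack("!HH", t, 0) for t in ext_types)
    body = (
        b"\x03\x03"            # legacy_version = TLS 1.2
        + b"\x00" * 32         # random (zeroed; constructed data)
        + b"\x00"              # legacy_session_id: empty
        + b"\x00\x02\x13\x01"  # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"          # legacy_compression_methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def client_hello_extension_order(record):
    """Return the extension type codes of a ClientHello record in the order
    they appear on the wire. Raises ValueError on anything malformed, so a
    truncated or non-ClientHello record is never silently reported as 'no
    extensions'."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                   # skip version + random
    sid_len = body[pos]; pos += 1 + sid_len        # legacy_session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2 + cs_len
    cm_len = body[pos]; pos += 1 + cm_len          # compression methods
    if pos == len(body):
        return []                                  # no extensions block at all
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    end = pos + ext_len
    if end != len(body):
        raise ValueError("extensions length mismatch")
    order = []
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        if pos + elen > end:
            raise ValueError("extension overruns extensions block")
        order.append(etype); pos += elen
    return order
```

Type codes 0, 10, 13, 43 and 51 used in the test are server_name, supported_groups, signature_algorithms, supported_versions and key_share; on a real capture, feed the raw record bytes of each ClientHello to `client_hello_extension_order` and compare the returned lists.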

This appears to have been fixed by
https://gitlab.com/gnutls/gnutls/-/merge_requests/1930
after the 3.8.9 release, commit
<https://gitlab.com/gnutls/gnutls/-/commit/dc5ee80c3a28577e9de0f82fb08164e4c02b96af>,
but unfortunately that commit didn't make it into Debian 13. Please
could this change be backported? (I haven't yet verified that this change
resolves the issue, I'll look into that next.)

Thanks,
    smcv

-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable'), (400, 'proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.18.5+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgnutls30t64 depends on:
ii  libc6           2.41-12+deb13u1
ii  libgmp10        2:6.3.0+dfsg-3
ii  libhogweed6t64  3.10.1-1
ii  libidn2-0       2.3.8-2
ii  libnettle8t64   3.10.1-1
ii  libp11-kit0     0.25.5-3
ii  libtasn1-6      4.20.0-2
ii  libunistring5   1.3-2

libgnutls30t64 recommends no packages.

Versions of packages libgnutls30t64 suggests:
ii  gnutls-bin  3.8.9-3+deb13u2

-- no debconf information