Bug#1130152: libgnutls30t64: extensions shuffling regression in 3.8.5 causes handshake failure with certain servers

Simon McVittie smcv at collabora.com
Mon Mar 9 12:42:35 GMT 2026


Package: libgnutls30t64
Version: 3.8.5-1
Severity: important
Tags: trixie upstream fixed-upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/work_items/1660
Control: found -1 3.8.9-3+deb13u2
Control: fixed -1 3.8.12-2
User: linux at steampowered.com
Usertags: origin-steamrt steamrt4

A regression in GnuTLS 3.8.5, which started shuffling the extensions
order, causes an interoperability issue leading to handshake failures
with some SSL/TLS servers. I'm reporting this at important severity since
it's an interop regression affecting an unknown number of remote services.

From the linked regression report https://github.com/luakit/luakit/issues/1101,
it seems that at the time of writing, search.dismail.de is a good test-case,
for example:

    $ podman run --rm -it debian:trixie-slim
    # apt update && apt upgrade && apt install ca-certificates gnutls-bin
    # gnutls-cli search.dismail.de
    Processed 150 CA certificate(s).
    Resolving 'search.dismail.de:443'...
    Connecting to '128.140.68.142:443'...
    *** Fatal error: A TLS fatal alert has been received.
    *** Received alert [47]: Illegal parameter

(or use your favourite way to get a clean trixie environment, if not podman)

I've confirmed that 3.8.12-2 in forky and 3.7.9-2+deb12u6 in bookworm
are both unaffected by this: they successfully connect to that server,
with gnutls-cli output that includes "Handshake was completed". (Press
Ctrl+D to exit after seeing this.)

This appears to have been fixed by
https://gitlab.com/gnutls/gnutls/-/merge_requests/1930
after the 3.8.9 release, commit
<https://gitlab.com/gnutls/gnutls/-/commit/dc5ee80c3a28577e9de0f82fb08164e4c02b96af>,
but unfortunately that commit didn't make it into Debian 13. Please
could this change be backported? (I haven't yet verified that this change
resolves the issue, I'll look into that next.)

Thanks,
    smcv

-- System Information:
Debian Release: 13.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable'), (400, 'proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64

Kernel: Linux 6.18.5+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libgnutls30t64 depends on:
ii  libc6           2.41-12+deb13u1
ii  libgmp10        2:6.3.0+dfsg-3
ii  libhogweed6t64  3.10.1-1
ii  libidn2-0       2.3.8-2
ii  libnettle8t64   3.10.1-1
ii  libp11-kit0     0.25.5-3
ii  libtasn1-6      4.20.0-2
ii  libunistring5   1.3-2

libgnutls30t64 recommends no packages.

Versions of packages libgnutls30t64 suggests:
ii  gnutls-bin  3.8.9-3+deb13u2

-- no debconf information