Your message dated Fri, 03 Apr 2026 19:32:06 +0000
with message-id <[email protected]>
and subject line Bug#1130152: fixed in gnutls28 3.8.9-3+deb13u3
has caused the Debian Bug report #1130152,
regarding libgnutls30t64: extensions shuffling regression in 3.8.5 causes
handshake failure with certain servers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1130152: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130152
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls30t64
Version: 3.8.5-1
Severity: important
Tags: trixie upstream fixed-upstream
Forwarded: https://gitlab.com/gnutls/gnutls/-/work_items/1660
Control: found -1 3.8.9-3+deb13u2
Control: fixed -1 3.8.12-2
User: [email protected]
Usertags: origin-steamrt steamrt4
A regression in GnuTLS 3.8.5, which started shuffling the extensions
order, causes an interoperability issue leading to handshake failures
with some SSL/TLS servers. I'm reporting this at important severity since
it's an interop regression affecting an unknown number of remote services.
From the linked regression report https://github.com/luakit/luakit/issues/1101,
it seems that at the time of writing, search.dismail.de is a good test-case,
for example:
$ podman run --rm -it debian:trixie-slim
# apt update && apt upgrade && apt install ca-certificates gnutls-bin
# gnutls-cli search.dismail.de
Processed 150 CA certificate(s).
Resolving 'search.dismail.de:443'...
Connecting to '128.140.68.142:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [47]: Illegal parameter
(or use your favourite way to get a clean trixie environment, if not podman)
I've confirmed that 3.8.12-2 in forky and 3.7.9-2+deb12u6 in bookworm
are both unaffected by this: they successfully connect to that server,
with gnutls-cli output that includes "Handshake was completed". (Press
Ctrl+D to exit after seeing this.)
This appears to have been fixed by
https://gitlab.com/gnutls/gnutls/-/merge_requests/1930
after the 3.8.9 release, commit
<https://gitlab.com/gnutls/gnutls/-/commit/dc5ee80c3a28577e9de0f82fb08164e4c02b96af>,
but unfortunately that commit didn't make it into Debian 13. Please
could this change be backported? (I haven't yet verified that this change
resolves the issue, I'll look into that next.)
Thanks,
smcv
-- System Information:
Debian Release: 13.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security-debug'), (500,
'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'),
(500, 'stable'), (400, 'proposed-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 6.18.5+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgnutls30t64 depends on:
ii libc6 2.41-12+deb13u1
ii libgmp10 2:6.3.0+dfsg-3
ii libhogweed6t64 3.10.1-1
ii libidn2-0 2.3.8-2
ii libnettle8t64 3.10.1-1
ii libp11-kit0 0.25.5-3
ii libtasn1-6 4.20.0-2
ii libunistring5 1.3-2
libgnutls30t64 recommends no packages.
Versions of packages libgnutls30t64 suggests:
ii gnutls-bin 3.8.9-3+deb13u2
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.8.9-3+deb13u3
Done: Andreas Metzler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Mar 2026 07:19:14 +0100
Source: gnutls28
Architecture: source
Version: 3.8.9-3+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 1130152
Changes:
gnutls28 (3.8.9-3+deb13u3) trixie; urgency=medium
.
[ Simon McVittie ]
* d/p/51_handshake-only-shuffle-extensions-in-the-first-Client-Hel.patch:
Preserve extension order across client Hello retry.
This resolves an interop regression in 3.8.5 with servers that enforce
the RFC requirement that the Client Hello after a Hello Retry Request
has the same extensions as the original Client Hello, in the same order
(Closes: #1130152)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
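
The changelog entry above says the Client Hello sent after a Hello Retry Request must carry the same extensions in the same order as the original. The following is an added example, not code from GnuTLS or from the Debian patch, showing how that property can be checked on two captured ClientHello bodies. The function names and the sample messages are constructed for illustration, and the set of extensions allowed to appear or disappear is taken from RFC 8446 section 4.1.2 as an assumption about what a strict server tolerates.

```python
import struct

# Extension type numbers from the IANA TLS ExtensionType registry.
PADDING, EARLY_DATA, COOKIE = 21, 42, 44
# Assumption (RFC 8446 section 4.1.2): the retried ClientHello may add a cookie,
# drop early_data and add or remove padding; all other extensions stay in place.
MAY_APPEAR_OR_VANISH = {PADDING, EARLY_DATA, COOKIE}

def extension_order(client_hello_body: bytes) -> list[int]:
    """Return the extension types, in wire order, of a ClientHello body
    (the handshake message without its 4-byte type/length header)."""
    buf, pos = client_hello_body, 2 + 32               # legacy_version + random
    pos += 1 + buf[pos]                                # legacy_session_id
    pos += 2 + struct.unpack_from("!H", buf, pos)[0]   # cipher_suites
    pos += 1 + buf[pos]                                # legacy_compression_methods
    (total,) = struct.unpack_from("!H", buf, pos)      # extensions block length
    pos, end = pos + 2, pos + 2 + total
    if end > len(buf):
        raise ValueError("truncated extensions block")
    order = []
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", buf, pos)
        pos += 4 + ext_len
        if pos > end:
            raise ValueError("extension overruns extensions block")
        order.append(ext_type)
    return order

def retry_preserves_order(first: bytes, second: bytes) -> bool:
    """True if the second ClientHello keeps the first one's extension order."""
    def stable(body: bytes) -> list[int]:
        return [t for t in extension_order(body) if t not in MAY_APPEAR_OR_VANISH]
    return stable(first) == stable(second)

def build_client_hello(ext_types, payload=b"\x00") -> bytes:
    """Build a constructed sample body; extension payloads are dummy bytes."""
    exts = b"".join(struct.pack("!HH", t, len(payload)) + payload for t in ext_types)
    return (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)

# Constructed inputs: an initial hello, a well-formed retry, a shuffled retry.
FIRST = build_client_hello([0, 43, 10, 13, 51])
RETRY_SAME = build_client_hello([0, 43, 10, 13, 51, 44], payload=b"\xaa\xbb")
RETRY_SHUFFLED = build_client_hello([43, 0, 51, 10, 13, 44])
```

The check compares extension types only, so a retry whose key_share contents changed still passes, while a retry that reorders the same extensions fails.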