Package: pidgin Version: 2.13.0-2+b1 Followup-For: Bug #973566 There is also an workaround on Debian Buster:
in Pidgin, one can select "Tools" / "Plugins" and install "NSS Preferences 2.13.0" plugin, and then click "Configure": here one can select what TLS versions and ciphers will be used, *including* TLS1.3 So I've installed it, enabled "min TLS1.2" and "max TLS1.3" and now it connects to TLS1.3-only server jabber.fsfe.org just fine. Why using best supported TLS protocol isn't default behaviour in Pidgin is something that should probably be addressed.