Recent GnuTLS has a bug where if no system-wide configuration file exists, GnuTLS will refuse to connect to hosts using some normally supported cipher suites. There's a trivial workaround: install an empty configuration file. Please update GnuTLS to just ship an empty @sample ${PREFIX}/etc/gnutls/config to avoid this bug.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=15c1b5734bfc5c0ad3a2756386fd9f00c0270299

commit 15c1b5734bfc5c0ad3a2756386fd9f00c0270299
Author: Tijl Coosemans <tijl@FreeBSD.org>
AuthorDate: 2024-06-14 12:28:49 +0000
Commit: Tijl Coosemans <tijl@FreeBSD.org>
CommitDate: 2024-06-14 13:08:45 +0000

security/gnutls: Fix RSAES-PKCS1-v1_5

Add upstream patch to fix RSAES-PKCS1-v1_5 when configuration file is missing.

Pet portlint/portclippy/portfmt.

PR: 279571

security/gnutls/Makefile | 35 +++++++++++++++++++----------------
security/gnutls/distinfo | 4 +++-
2 files changed, 22 insertions(+), 17 deletions(-)
Thanks for the fix. Can this be MFH'ed?