I stumbled upon the same issue when trying to use libcurl to send e-mail via "smtp.googlemail.com" as part of a C application. With curl 7.64, TLS 1.2 is used and the e-mail is sent. However, with curl 7.74, TLS 1.3 is used, and I see (before any SMTP communication):
* GnuTLS recv error (-10): The specified session has been invalidated for some reason. * Closing connection 0 context.c:91 Cannot transfer: Failure when receiving data from the peer So the e-mail is not sent. libcurl3-gnutls never used TLS 1.3 before https://github.com/curl/curl/pull/5223 . We could revert that change for buster backports by disabling this "if" check https://github.com/curl/curl/blob/curl-7_74_0/lib/vtls/gtls.c#L587 so that +SRP is always in the "priority list" and TLS 1.3 is always disabled. git has a GIT_SSL_VERSION option, but it doesn't seem to work (this fails, trying to use TLS 1.3 anyway): GIT_CURL_VERBOSE=T GIT_SSL_VERSION=tlsv1.2 git clone https://github.com/git/git In case it helps anyone else, my application works again when I set CURLOPT_SSLVERSION to CURL_SSLVERSION_MAX_TLSv1_2 .
