This issue has been fixed in upstream version 0.10.0 (out just now). This is caused by recent GnuTLS versions (since 3.6.11 AFAIK) listing the peer's certificate type in the session description so they aren't identical on anonymous client and authenticated server, so backporting shouldn't be necessary.
- Bug#950301: mod-gnutls FTBFS: ERROR: Cipher sui... Adrian Bunk
- Bug#950301: Fixed upstream in 0.10.0 Fiona Klute
- Processed: mod-gnutls: diff for NMU versio... Debian Bug Tracking System
- Bug#950301: marked as done (mod-gnutls FTB... Debian Bug Tracking System
