diff --git a/CMakeLists.txt b/CMakeLists.txt
index 97fc411965..92e152e4cd 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -979,7 +979,9 @@ endif()
 if(ENABLE_GNUTLS)
 	set(PACKAGELIST ${PACKAGELIST} GNUTLS)
 	# Minimum version needed.
-	set(GNUTLS_OPTIONS "2.12.0")
+	# 3.0.2 due to GNUTLS_PRIVKEY_IMPORT_COPY
+	# 3.2.0 to remain GPLv2-compatible.
+	set(GNUTLS_OPTIONS "3.2.0")
 endif()
 
 # Kerberos
diff --git a/debian/control b/debian/control
index 1d04c01e66..828137e093 100644
--- a/debian/control
+++ b/debian/control
@@ -11,9 +11,8 @@ Build-Depends: lsb-release,
  docbook-xsl (>= 1.64.1.0-0), docbook-xml, libxml2-utils, libpcre3-dev,
  libcap2-dev [linux-any] | libcap-dev (>= 2.17) [linux-any],
  bison, quilt, libparse-yapp-perl,
-# libgnutls28-dev >= 3.2.14-1 is GPLv2+ compatible. libgnutls-dev is
-# backports-compatible.
- libgnutls28-dev (>= 3.2.14-1~) | libgnutls-dev,
+# libgnutls28-dev >= 3.2.14-1 is GPLv2+ compatible.
+ libgnutls28-dev (>= 3.2.14-1~),
  libgcrypt-dev, libkrb5-dev, liblua5.2-dev, libsmi2-dev,
  libmaxminddb-dev, dpkg-dev (>= 1.16.1~), libsystemd-dev | libsystemd-journal-dev,
  libnl-genl-3-dev [linux-any], libnl-route-3-dev [linux-any], asciidoctor,
diff --git a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc
index c81db8b491..2978e732c1 100644
--- a/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc
+++ b/docbook/wsdg_src/WSDG_chapter_libraries.asciidoc
@@ -229,8 +229,8 @@ https://www.winpcap.org/install/[]
 
 === GnuTLS (optional)
 
-The GNU Transport Layer Security Library is used to dissect TLS and SSL
-protocols (aka: HTTPS).
+The GNU Transport Layer Security Library is used to enable TLS decryption
+using a RSA private key.
 
 [[ChLibsUnixGNUTLS]]
 
@@ -238,7 +238,7 @@ protocols (aka: HTTPS).
 
 If this library isn't already installed or available as a
 package for your platform, you can get it at
-https://www.gnu.org/software/gnutls/download.html[].
+https://gnutls.org/[].
 
 [[ChLibsWin32GNUTLS]]
 
diff --git a/tools/debian-setup.sh b/tools/debian-setup.sh
index c3537af232..8b6a0db101 100755
--- a/tools/debian-setup.sh
+++ b/tools/debian-setup.sh
@@ -118,11 +118,9 @@ add_package ADDITIONAL_LIST libssh-gcrypt-dev ||
 add_package ADDITIONAL_LIST libssh-dev ||
 echo "libssh-gcrypt-dev and libssh-dev are unavailable" >&2
 
-# libgnutls-dev: Debian <= jessie, Ubuntu <= 16.04
 # libgnutls28-dev: Debian >= wheezy-backports, Ubuntu >= 12.04
 add_package ADDITIONAL_LIST libgnutls28-dev ">= 3.2.14-1" ||
-add_package ADDITIONAL_LIST libgnutls-dev ||
-echo "libgnutls28-dev and libgnutls-dev are unavailable" >&2
+echo "libgnutls28-dev is unavailable" >&2
 
 # mmdbresolve
 add_package ADDITIONAL_LIST libmaxminddb-dev ||