diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 7c1203eac3e..ec18d73a073 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -19,6 +19,18 @@ Sets the TLS protocol method. Possible values are: + + + TLSv1.3+ - TLSv1.3 or newer (TLSv1.3, ...) + connections are accepted (available starting with openssl/libssl v1.1.1) + + + + + TLSv1.3 - only TLSv1.3 connections are accepted + (available starting with openssl/libssl v1.1.1) + + TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...)
diff --git a/src/modules/tls/tls_cfg.c b/src/modules/tls/tls_cfg.c
index e7d54e8b24b..6a229bc851d 100644
--- a/src/modules/tls/tls_cfg.c
+++ b/src/modules/tls/tls_cfg.c
@@ -143,7 +143,7 @@ cfg_def_t tls_cfg_def[] = {
 {"force_run", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
 "force loading the tls module even when initial sanity checks fail"},
 {"method", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
- "TLS method used (TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
+ "TLS method used (TLSv1.3, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23)"},
 {"server_name", CFG_VAR_STR | CFG_READONLY, 0, 0, 0, 0,
 "Server name (SNI)"},
 {"server_name_mode", CFG_VAR_INT | CFG_READONLY, 0, 1, 0, 0,
diff --git a/src/modules/tls/tls_domain.h b/src/modules/tls/tls_domain.h
index d81b4f0e319..f07b8cf2acf 100644
--- a/src/modules/tls/tls_domain.h
+++ b/src/modules/tls/tls_domain.h
@@ -39,11 +39,15 @@
 #define TLS_OP_TLSv1_PLUS (TLS_OP_SSLv3_PLUS | SSL_OP_NO_SSLv3)
 #ifdef SSL_OP_NO_TLSv1
-# define TLS_OP_TLSv1_1_PLUS (TLS_OP_TLSv1_PLUS | SSL_OP_NO_TLSv1)
+#define TLS_OP_TLSv1_1_PLUS (TLS_OP_TLSv1_PLUS | SSL_OP_NO_TLSv1)
-# ifdef SSL_OP_NO_TLSv1_1
-# define TLS_OP_TLSv1_2_PLUS (TLS_OP_TLSv1_1_PLUS | SSL_OP_NO_TLSv1_1)
-# endif /*SSL_OP_NO_TLSv1_1*/
+#ifdef SSL_OP_NO_TLSv1_1
+#define TLS_OP_TLSv1_2_PLUS (TLS_OP_TLSv1_1_PLUS | SSL_OP_NO_TLSv1_1)
+#endif /*SSL_OP_NO_TLSv1_1*/
+
+#ifdef SSL_OP_NO_TLSv1_2
+#define TLS_OP_TLSv1_3_PLUS (TLS_OP_TLSv1_2_PLUS | SSL_OP_NO_TLSv1_2)
+#endif /*SSL_OP_NO_TLSv1_2*/
 #endif /*SSL_OP_NO_TLSv1*/
@@ -70,10 +74,14 @@ enum tls_method {
 TLS_USE_TLSv1_2_cli,
 TLS_USE_TLSv1_2_srv,
 TLS_USE_TLSv1_2, /* only TLSv1.2 */
+ TLS_USE_TLSv1_3_cli,
+ TLS_USE_TLSv1_3_srv,
+ TLS_USE_TLSv1_3, /* only TLSv1.3 */
 TLS_USE_TLSvRANGE, /* placeholder - TLSvX ranges must be after it */
 TLS_USE_TLSv1_PLUS, /* TLSv1.0 or greater */
 TLS_USE_TLSv1_1_PLUS, /* TLSv1.1 or greater */
 TLS_USE_TLSv1_2_PLUS, /* TLSv1.2 or greater */
+ TLS_USE_TLSv1_3_PLUS, /* TLSv1.3 or greater */
 TLS_METHOD_MAX
 };
diff --git a/src/modules/tls/tls_init.c b/src/modules/tls/tls_init.c
index 4c858bbbd83..1b88aa03bcc 100644
--- a/src/modules/tls/tls_init.c
+++ b/src/modules/tls/tls_init.c
@@ -401,6 +401,12 @@ static void init_ssl_methods(void)
 ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
+ ssl_methods[TLS_USE_TLSv1_3_cli - 1] = TLSv1_3_client_method();
+ ssl_methods[TLS_USE_TLSv1_3_srv - 1] = TLSv1_3_server_method();
+ ssl_methods[TLS_USE_TLSv1_3 - 1] = TLSv1_3_method();
+#endif
+
 /* ranges of TLS versions (require a minimum TLS version) */
 ssl_methods[TLS_USE_TLSv1_PLUS - 1] = (void*)TLS_OP_TLSv1_PLUS;
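Review bot: `TLS_OP_TLSv1_3_PLUS` is defined whenever `SSL_OP_NO_TLSv1_2` exists, but it expands to `TLS_OP_TLSv1_2_PLUS`, which this hunk defines only inside `#ifdef SSL_OP_NO_TLSv1_1`; nest the new block inside that guard, or write `#if defined(SSL_OP_NO_TLSv1_1) && defined(SSL_OP_NO_TLSv1_2)`, so a header with one flag but not the other fails at the `#ifdef` rather than at the first use of the macro. Every libssl I am aware of introduces the two flags together, so this is a consistency point rather than a live breakage. Note that in this option-mask form the new value disables every protocol below 1.3, so on a library that has the flags but no TLS 1.3 implementation it refuses all handshakes rather than silently downgrading, which is the right fail-closed direction and worth a one-line comment on the define. The re-indentation of the pre-existing `# define`/`# ifdef` lines is unrelated to TLS 1.3 and would review more easily as its own commit.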
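Review bot: Nothing in this diff maps the configuration strings `TLSv1.3` and `TLSv1.3+`, which params.xml now documents, onto the new `TLS_USE_TLSv1_3*` enumerators; that string-to-enum lookup lives outside these hunks, so unless a companion change updates it the documented values will be rejected by the parser. Please add the two entries in the same commit or reference the follow-up in the description. Inserting three enumerators before `TLS_USE_TLSvRANGE` also renumbers every `*_PLUS` value; that is harmless only if nothing stores or exchanges these numbers, and the `ssl_methods[... - 1]` indexing in tls_init.c suggests the arrays are sized from `TLS_METHOD_MAX`, which I could not confirm from here. The enum begins outside the hunk.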
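Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL` guard around the new `ssl_methods[TLS_USE_TLSv1_3*]` assignments can never hold if, as the `#else /* openssl 1.1.0+ */` in the following hunk indicates, this part of `init_ssl_methods` is the pre-1.1.0 branch; the three assignments are dead code, and `TLSv1_3_method()` does not exist in that branch anyway. Either drop the block or replace it with a comment such as `/* TLSv1.3 needs libssl >= 1.1.1; handled in the 1.1.0+ branch below, entries stay NULL here */` so the next reader does not look for a 1.1.1 build that takes this path. The same applies to the `TLS_USE_TLSv1_3_PLUS` assignment in the next hunk. init_ssl_methods starts before this hunk.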
@@ -412,6 +418,9 @@ static void init_ssl_methods(void)
 ssl_methods[TLS_USE_TLSv1_2_PLUS - 1] = (void*)TLS_OP_TLSv1_2_PLUS;
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
+ ssl_methods[TLS_USE_TLSv1_3_PLUS - 1] = (void*)TLS_OP_TLSv1_3_PLUS;
+#endif
 #else /* openssl 1.1.0+ */
 memset(sr_tls_methods, 0, sizeof(sr_tls_methods));
@@ -463,6 +472,16 @@ static void init_ssl_methods(void)
 sr_tls_methods[TLS_USE_TLSv1_2 - 1].TLSMethodMin = TLS1_2_VERSION;
 sr_tls_methods[TLS_USE_TLSv1_2 - 1].TLSMethodMax = TLS1_2_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3_cli - 1].TLSMethod = TLS_client_method();
+ sr_tls_methods[TLS_USE_TLSv1_3_cli - 1].TLSMethodMin = TLS1_3_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3_cli - 1].TLSMethodMax = TLS1_3_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3_srv - 1].TLSMethod = TLS_server_method();
+ sr_tls_methods[TLS_USE_TLSv1_3_srv - 1].TLSMethodMin = TLS1_3_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3_srv - 1].TLSMethodMax = TLS1_3_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3 - 1].TLSMethod = TLS_method();
+ sr_tls_methods[TLS_USE_TLSv1_3 - 1].TLSMethodMin = TLS1_3_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3 - 1].TLSMethodMax = TLS1_3_VERSION;
+
 /* ranges of TLS versions (require a minimum TLS version) */
 sr_tls_methods[TLS_USE_TLSv1_PLUS - 1].TLSMethod = TLS_method();
 sr_tls_methods[TLS_USE_TLSv1_PLUS - 1].TLSMethodMin = TLS1_VERSION;
@@ -473,6 +492,9 @@ static void init_ssl_methods(void)
 sr_tls_methods[TLS_USE_TLSv1_2_PLUS - 1].TLSMethod = TLS_method();
 sr_tls_methods[TLS_USE_TLSv1_2_PLUS - 1].TLSMethodMin = TLS1_2_VERSION;
+ sr_tls_methods[TLS_USE_TLSv1_3_PLUS - 1].TLSMethod = TLS_method();
+ sr_tls_methods[TLS_USE_TLSv1_3_PLUS - 1].TLSMethodMin = TLS1_3_VERSION;
+
 #endif
 }
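Review bot: The new `sr_tls_methods[TLS_USE_TLSv1_3*]` entries are compiled unconditionally in the 1.1.0+ branch, while the legacy branch and params.xml in this same change gate TLS 1.3 on OpenSSL >= 1.1.1 and exclude LibreSSL. OpenSSL 1.1.0 and LibreSSL both take this `#else` branch; if their tls1.h lacks `TLS1_3_VERSION` the build breaks, and if it defines the constant without implementing the protocol, `method=TLSv1.3` produces a context whose min/max version the library cannot negotiate instead of the "method not available" failure that the zeroed entries (the `memset` earlier in this branch) presumably produce for unsupported methods — please verify that behaviour. Wrap these nine lines, and the two `TLS_USE_TLSv1_3_PLUS` lines in the next hunk, in `#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)` (or `#ifdef TLS1_3_VERSION` if LibreSSL support is intended) to match the legacy branch. One TLS 1.3-specific caveat for this code path: if the module applies its `cipher_list` through `SSL_CTX_set_cipher_list()` (not visible here), that list does not constrain TLS 1.3 suites, which need `SSL_CTX_set_ciphersuites()`. init_ssl_methods continues outside this hunk.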