TLS 1.3
The TLS 1.3 setting enables the latest version of the TLS protocol (when supported) for improved security and performance.
TLS 1.3 is the newest, fastest, and most secure version of the TLS protocol.
When you turn on the TLS 1.3 feature, traffic to and from your website is served over the TLS 1.3 protocol when supported by clients. The TLS 1.3 protocol has improved latency over older versions, has several new features, and is currently supported in all updated major browsers.
| | Free | Pro | Business | Enterprise |
|---|---|---|---|---|
| Availability | Yes | Yes | Yes | Yes |
TLS 1.3 can be activated in the Cloudflare dashboard or through the API:
To enable TLS 1.3 in the dashboard:
- Log in to your Cloudflare account and go to a specific domain.
- Go to SSL/TLS > Edge Certificates.
- For TLS 1.3, switch the toggle to On.
To adjust your TLS 1.3 settings with the API, send a `PATCH` request with `tls_1_3` as the setting name in the URI path, and set the `value` parameter to your desired setting (`"on"`, `"zrt"` or `"off"`). `zrt` refers to Zero Round Trip Time Resumption (0-RTT).
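The API call described above, as an added example that is not Cloudflare's own code. The function names and the `ALLOW_0RTT` variable are hypothetical, the 32-character hex zone ID format is an assumption, and `CLOUDFLARE_API_TOKEN` is assumed to hold an API token permitted to edit zone settings.

```shell
#!/bin/sh
# Added example: set the zone-level TLS 1.3 value through the Cloudflare API.
API_BASE="https://api.cloudflare.com/client/v4"

# Print the JSON request body; only the three documented values are accepted.
tls13_body() {
  case "$1" in
    on|off|zrt) printf '{"value":"%s"}' "$1" ;;
    *) echo "invalid value '$1' (expected on, zrt or off)" >&2; return 2 ;;
  esac
}

# Print the settings URL. The zone ID is validated (assumed format: 32
# lowercase hex characters) so a malformed ID cannot rewrite the URI path.
tls13_url() {
  case "$1" in
    ""|*[!0-9a-f]*) echo "zone ID must be lowercase hex" >&2; return 2 ;;
  esac
  [ "${#1}" -eq 32 ] || { echo "zone ID must be 32 characters" >&2; return 2; }
  printf '%s/zones/%s/settings/tls_1_3' "$API_BASE" "$1"
}

# Send the PATCH request. "zrt" also enables 0-RTT, whose early data can be
# replayed (RFC 8446), so it needs an explicit opt-in (hypothetical ALLOW_0RTT).
set_tls13() {
  if [ "$2" = "zrt" ] && [ "${ALLOW_0RTT:-no}" != "yes" ]; then
    echo "refusing zrt: set ALLOW_0RTT=yes to enable 0-RTT" >&2; return 3
  fi
  url=$(tls13_url "$1") || return
  body=$(tls13_body "$2") || return
  [ -n "${CLOUDFLARE_API_TOKEN:-}" ] || { echo "CLOUDFLARE_API_TOKEN not set" >&2; return 4; }
  # The token is passed on stdin as curl config so it never appears in the
  # process list.
  printf 'header = "Authorization: Bearer %s"\n' "$CLOUDFLARE_API_TOKEN" |
    curl --config - --fail --silent --show-error --request PATCH "$url" \
      --header "Content-Type: application/json" --data "$body"
}

# Usage: set_tls13 <zone_id> on
```
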
Since TLS 1.3 implementations are relatively new, some failures may occur. If you experience errors, submit a Cloudflare Support ticket with the following information:
- Steps to replicate the issue (if possible)
- Client build version
- Client diagnostic information
- Packet captures
Chrome users should submit a net-internals trace to Google. Firefox users should report bugs to Mozilla.
You cannot set specific TLS 1.3 ciphers. Instead, you can enable TLS 1.3 for your entire zone and Cloudflare will use all applicable TLS 1.3 cipher suites. In combination with this, you can still disable weak cipher suites for TLS 1.0-1.2.