diff --git a/src/init.c b/src/init.c
index 6807e361..e4186abe 100644
--- a/src/init.c
+++ b/src/init.c
@@ -1711,6 +1711,7 @@ cmd_spec_secure_protocol (const char *com, const char *val, void *place)
 { "tlsv1", secure_protocol_tlsv1 },
 { "tlsv1_1", secure_protocol_tlsv1_1 },
 { "tlsv1_2", secure_protocol_tlsv1_2 },
+ { "tlsv1_3", secure_protocol_tlsv1_3 },
 { "pfs", secure_protocol_pfs },
 };
 int ok = decode_string (val, choices, countof (choices), place);
diff --git a/src/openssl.c b/src/openssl.c
index 6af38dbf..aed99e7c 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -263,6 +263,16 @@ ssl_init (void)
 meth = TLSv1_2_client_method ();
 #endif
 break;
+
+ case secure_protocol_tlsv1_3:
+#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ meth = TLS_client_method();
+ ssl_proto_version = TLS1_3_VERSION;
+#else
+ logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLS 1.3\n"));
+ goto error;
+#endif
+ break;
 #else
 case secure_protocol_tlsv1_1:
 logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.1\n"));
@@ -271,6 +281,7 @@ ssl_init (void)
 case secure_protocol_tlsv1_2:
 logprintf (LOG_NOTQUIET, _("Your OpenSSL version is too old to support TLSv1.2\n"));
 goto error;
+
 #endif
 default:
diff --git a/src/options.h b/src/options.h
index 2e8c8743..30845a1b 100644
--- a/src/options.h
+++ b/src/options.h
@@ -228,6 +228,7 @@ struct options
 secure_protocol_tlsv1,
 secure_protocol_tlsv1_1,
 secure_protocol_tlsv1_2,
+ secure_protocol_tlsv1_3,
 secure_protocol_pfs
 } secure_protocol; /* type of secure protocol to use. */
 int check_cert; /* whether to validate the server's cert */
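Review bot: The new `{ "tlsv1_3", secure_protocol_tlsv1_3 }` entry in `cmd_spec_secure_protocol` (src/init.c) makes the keyword valid for every build, but the only backend this diff teaches about it is src/openssl.c. If the GnuTLS backend's protocol switch has no case for `secure_protocol_tlsv1_3` (that file is not shown here, so this needs checking), a user who pins TLS 1.3 would get past option parsing and then hit that backend's fallback path instead of a clear refusal. A request for a minimum protocol version should fail loudly rather than degrade, so either add the matching case there or have it report that TLS 1.3 is unsupported. The `choices` table and the function body start and end outside the hunk.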
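Review bot: In the first src/openssl.c hunk the guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` admits OpenSSL 1.1.0, but `TLS1_3_VERSION` is only defined by headers from 1.1.1 on, so the new `ssl_proto_version = TLS1_3_VERSION;` line would not compile against 1.1.0. Testing for the macro itself is more robust: `#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L) && defined(TLS1_3_VERSION)`. The new case also sits before the outer `#else`, whose `#if` lies outside the hunk. The old-library branch with the "too old" messages for tlsv1_1 and tlsv1_2 therefore gets no tlsv1_3 case, and the second hunk adds only a blank line there. On such builds the value presumably falls through to `default:` (its body is not visible); a `case secure_protocol_tlsv1_3:` with the same "too old" message and `goto error;` would keep the failure explicit.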