Apache – Is it possible to use TLSv1.3 in Apache 2.4

apache-httpd ssl

Is it possible to use TLSv1.3 in Apache 2.4? As of October 2015, TLS 1.3 is a working draft, i.e. TLSv1.3.

Best Answer

June 2019 Update

It's here! Apache 2.4.37 (released 22-October-2018) adds support for OpenSSL 1.1.1 and TLSv1.3. Make sure you use at least 2.4.39, though, due to security issues.

March 2018 Update

TLS 1.3 draft is up to v26. There is general support in the main SSL libraries for varying versions of the Draft. It doesn't look like Chrome and Firefox have shipped it "on" as default yet. Cloudflare have written about some issues with using TLS 1.3 across some TLS 1.2 devices when trials were done.

Dec 2017 Update

The TLS 1.3 Draft is up to v22. Not much change in servers and clients, probably waiting for something closer to the formal release spec.

June 2017 Update

The mod_nss module can be used to enable TLS 1.3 on Apache 2.4

Most SSL implementations have varying features of TLS 1.3 implemented.

Chrome and Firefox have shipped TLS 1.3 behind feature flags.

Feb 2017 Update

There are some TLS 1.3 implementations now that the spec is a bit more mature. BoringSSL and OpenSSL are working on 1.3 but it seems to be a WIP. No mod_ssl TLS 1.3 yet.

Original

There don't seem to be any OpenSSL implementations of the draft TLS 1.3 specification yet, which would be required for mod_ssl to support it. So I'm going to say no.

Neither the OpenSSL nor BoringSSL projects mention TLS 1.3 much other than people fixing bugs with forethought of what looks like coming in TLS 1.3. There's only a couple of references to the 1.3 version in the tests for OpenSSL.
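
A version gate for the thresholds given in this answer, added here as an example (not code from the answer or from the Apache project). It assumes the input is the `Apache/x OpenSSL/y` server banner that httpd writes to its error log at startup when mod_ssl is loaded; `ver_ge` and `tls13_status` are hypothetical helper names and the sample banners are constructed.

```shell
#!/bin/sh
# Added example. Thresholds are the ones stated in the answer:
# httpd 2.4.37 adds TLSv1.3 (with OpenSSL 1.1.1); 2.4.39 is the advised minimum.

# ver_ge A B: succeed when dotted numeric version A >= B.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# tls13_status BANNER: classify a banner like "Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f".
# Letter suffixes (1.1.1f, 1.0.2k-fips) are dropped before comparing.
tls13_status() {
    httpd=$(printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9.]*\).*|\1|p')
    ossl=$(printf '%s\n' "$1" | sed -n 's|.*OpenSSL/\([0-9][0-9.]*\).*|\1|p')
    if [ -z "$httpd" ] || [ -z "$ossl" ]; then
        echo "unknown: no Apache/ or OpenSSL/ version in banner"
    elif ! ver_ge "$httpd" 2.4.37; then
        echo "no-httpd: httpd $httpd predates TLSv1.3 support (2.4.37)"
    elif ! ver_ge "$ossl" 1.1.1; then
        echo "no-openssl: OpenSSL $ossl is older than 1.1.1"
    elif ! ver_ge "$httpd" 2.4.39; then
        echo "upgrade: TLSv1.3 available, but httpd $httpd is below 2.4.39"
    else
        echo "ok: httpd $httpd with OpenSSL $ossl can offer TLSv1.3"
    fi
}

# Constructed sample banners, not taken from a real host.
for banner in \
    "Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips" \
    "Apache/2.4.38 (Debian) OpenSSL/1.1.1d" \
    "Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f"
do
    printf '%-45s -> %s\n' "$banner" "$(tls13_status "$banner")"
done
```

Passing the gate only means TLSv1.3 is possible; `openssl s_client -connect HOST:443 -tls1_3` (HOST is a placeholder, and the client itself needs OpenSSL 1.1.1 or later) shows whether the server actually negotiates it.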
