# Using TLSv1.3

OpenSSL 1.1.1 introduced support for TLSv1.3. TLSv1.3 is a major rewrite of the TLS protocol. (Some even argued it should've been called TLSv2.0.) Among other things,

* it introduces a new set of cipher suites that only work with TLSv1.3,
* and TLSv1.3 does not support cipher suites from previous TLS protocol versions.

{% hint style="info" %}
OpenSSL 1.1.1 is primarily (if not exclusively) supported by Red Hat 8.
{% endhint %}

This incompatible change had a non-obvious consequence. If you specified particular cipher suites to disable old and obsolete TLS protocol version, you might have inadvertently prevented TLSv1.3 from working, if the TLSv1.3 cipher suites were not added to their cipher list. After upgrading to OpenSSL 1.1.1, this might give the impression that you are using TLSv1.3, when their existing cipher suite configuration might prevent it.

To avoid this problem, OpenSSL developers decided that TLSv1.3 cipher suites should not be affected by the normal cipher-selecting API. This means that the [ssl\_cipher](/docs/server/security/encryption/data-in-transit-encryption/ssltls-system-variables.md#ssl_cipher) system variable had no effect on the TLSv1.3 cipher suites. This has been fixed in MariaDB, though – you can use the `ssl_cipher` variable just like before that change.

{% hint style="warning" %}
You cannot specify both TLSv1.2 and TLSv1.3 at the same time when MariaDB is built against OpenSSL 1.1.1.
{% endhint %}

See this [OpenSSL blog post](https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/) and [GitHub issue](https://github.com/openssl/openssl/issues/5359) for more information.

### See Also

* [Secure Connections Overview](/docs/server/security/encryption/data-in-transit-encryption/secure-connections-overview.md)

<sub>*This page is licensed: CC BY-SA / Gnu FDL*</sub>

{% @marketo/form formId="4316" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/server/security/encryption/data-in-transit-encryption/using-tlsv13.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.