diff --git a/include/maxscale/ssl.h b/include/maxscale/ssl.h
index 6147b8f93..4112620db 100644
--- a/include/maxscale/ssl.h
+++ b/include/maxscale/ssl.h
@@ -34,6 +34,7 @@ typedef enum ssl_method_type
 SERVICE_TLS10,
 SERVICE_TLS11,
 SERVICE_TLS12,
+ SERVICE_TLS13,
 SERVICE_SSL_MAX,
 SERVICE_TLS_MAX,
 SERVICE_SSL_TLS_MAX,
diff --git a/server/core/config.cc b/server/core/config.cc
index 32a4f7fc6..1e07eb079 100644
--- a/server/core/config.cc
+++ b/server/core/config.cc
@@ -282,6 +282,7 @@ static const MXS_ENUM_VALUE ssl_version_values[] =
 {"TLSv10", SERVICE_TLS10 },
 {"TLSv11", SERVICE_TLS11 },
 {"TLSv12", SERVICE_TLS12 },
+ {"TLSv13", SERVICE_TLS13 },
 {NULL}
 };
diff --git a/server/core/listener.cc b/server/core/listener.cc
index 0009212e9..755a83c40 100644
--- a/server/core/listener.cc
+++ b/server/core/listener.cc
@@ -200,6 +200,10 @@ int listener_set_ssl_version(SSL_LISTENER* ssl_listener, const char* version)
 {
 ssl_listener->ssl_method_type = SERVICE_TLS12;
 }
+ else if (strcasecmp(version, "TLSV13") == 0)
+ {
+ ssl_listener->ssl_method_type = SERVICE_TLS13;
+ }
 else
 {
 return -1;
@@ -301,6 +305,15 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
 #endif
 break;
+ case SERVICE_TLS13:
+#ifdef OPENSSL_1_1
+ ssl->method = (SSL_METHOD*)TLS_method();
+#else
+ MXS_ERROR("TLSv1.3 is not supported on this system.");
+ return false;
+#endif
+ break;
+
 /** Rest of these use the maximum available SSL/TLS methods */
 case SERVICE_SSL_MAX:
 ssl->method = (SSL_METHOD*)SSLv23_method();
@@ -335,6 +348,13 @@ bool SSL_LISTENER_init(SSL_LISTENER* ssl)
 /** Disable SSLv3 */
 SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
+ if (ssl->ssl_method_type == SERVICE_TLS13)
+ {
+ // There is no TLSv1_3_method function as the TLSv1_X_method functions are deprecated in favor of
+ // disabling them via options.
+ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);
+ }
+
 // Disable session cache
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
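Review bot: The new `else if (strcasecmp(version, "TLSV13") == 0)` branch in listener_set_ssl_version is the third copy of the version-name table in this commit, alongside `string_to_ssl_method_type` in server/core/ssl.cc and the `ssl_version_values` array in server/core/config.cc, so every future protocol version has to be added in three places and the spellings can drift. Provided the two parsers accept the same set of names (only the TLSv1x branches are visible here), listener_set_ssl_version could delegate: `ssl_method_type_t type = string_to_ssl_method_type(version); if (type == SERVICE_SSL_UNKNOWN) { return -1; } ssl_listener->ssl_method_type = type;`. The function body starts before this hunk.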
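Review bot: The `#ifdef OPENSSL_1_1` guard on the new `SERVICE_TLS13` case in SSL_LISTENER_init accepts any OpenSSL 1.1.x, but TLS 1.3 only exists from 1.1.1; on 1.1.0 `TLS_method()` is available, the listener initialises, and the later hunk then disables TLSv1, 1.1 and 1.2 via `SSL_OP_NO_*`, leaving no negotiable version, so every handshake fails at runtime instead of the configuration being rejected at startup with the intended MXS_ERROR. Assuming OPENSSL_1_1 is a project macro keyed to the 1.1 API (its definition is not in this diff), a more precise guard is the OpenSSL header constant that only 1.1.1 defines: `#ifdef TLS1_3_VERSION`. In the same spirit the option mask in the following hunk could be `SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);`, which states the intent directly and cannot leave every version disabled if a new SSL_OP_NO_* bit is missed. SSL_LISTENER_init continues outside both hunks.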
diff --git a/server/core/ssl.cc b/server/core/ssl.cc
index f1b8b5b28..ec05b16fb 100644
--- a/server/core/ssl.cc
+++ b/server/core/ssl.cc
@@ -202,13 +202,16 @@ const char* ssl_method_type_to_string(ssl_method_type_t method_type)
 switch (method_type)
 {
 case SERVICE_TLS10:
- return "TLSV10";
+ return "TLSv10";
 case SERVICE_TLS11:
- return "TLSV11";
+ return "TLSv11";
 case SERVICE_TLS12:
- return "TLSV12";
+ return "TLSv12";
+
+ case SERVICE_TLS13:
+ return "TLSv13";
 case SERVICE_SSL_MAX:
 case SERVICE_TLS_MAX:
@@ -238,6 +241,10 @@ ssl_method_type_t string_to_ssl_method_type(const char* str)
 {
 return SERVICE_TLS12;
 }
+ else if (strcasecmp("TLSV13", str) == 0)
+ {
+ return SERVICE_TLS13;
+ }
 return SERVICE_SSL_UNKNOWN;
 }
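Review bot: The `return "TLSV10"` → `return "TLSv10"` changes in ssl_method_type_to_string alter the emitted casing for every existing TLS version, which is a visible behaviour change beyond the TLS 1.3 addition. Internally it is safe, since string_to_ssl_method_type in the next hunk matches with `strcasecmp`, but any consumer that compares the emitted string case-sensitively (tests, scripts reading status output) will see a difference; presumably the intent is to match the `ssl_version_values` spellings in config.cc, and a one-line comment above the switch saying so, e.g. `// Spellings match ssl_version_values in config.cc; parsing is case-insensitive.`, would record that. Both functions extend beyond their hunks.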