Enable TLSv1.3 support
Is it possible to use Burp with TLSv1.3 support? From some things I've read it sounds like people are using it for this purpose, but I Googled quite a bit and can't find any specific instructions on how to enable this functionality.
Thanks for your patience with what might be a very novice question,
So at present TLS 1.3 is supported between Burp and the target server, but is disabled between the browser and Burp, this is due to some errors encountered during testing. We thought that this would not cause issues as all browsers supported TLS 1.2.
Have you encountered a browser that doesn’t support TLS 1.2?
The issue I was having was that TLSv1.3 was not appearing in cipher suites in project options, but I took another stab at it today and seemed to solve the problem by running the .jar version from the command line instead of the executable.
Thanks for the update, Mike.
So how to enable this TLS 1.3 support? I don't see this protocol version on the list when using "custom protocols and ciphers" and can't connect when using "default protocols". Tested with newest burp and newest java.
Ambrozy, we’d expect that if you had Java 11 then you would see TLS 1.3 in the “custom protocols and ciphers”.
Could you try using the platform installer version of the latest version of Burp 2.x?
Please note that at present TLS 1.3 is supported between Burp and the target server, but is disabled between the browser and Burp, this is due to some errors encountered during testing.