Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Enable TLSv1.3 support

Mike May 14, 2019 07:45AM UTC

Hi everyone,

Is it possible to use Burp with TLSv1.3 support? From some things I've read it sounds like people are using it for this purpose, but I Googled quite a bit and can't find any specific instructions on how to enable this functionality.

Thanks for your patience with what might be a very novice question,
Mike


Rose Krawczuk May 14, 2019 10:48AM UTC Support Center agent

So at present TLS 1.3 is supported between Burp and the target server, but is disabled between the browser and Burp, this is due to some errors encountered during testing. We thought that this would not cause issues as all browsers supported TLS 1.2.

Have you encountered a browser that doesn’t support TLS 1.2?


Mike May 14, 2019 07:08PM UTC
Hi Rose,

The issue I was having was that TLSv1.3 was not appearing in cipher suites in project options, but I took another stab at it today and seemed to solve the problem by running the .jar version from the command line instead of the executable.

Thanks
Mike

Rose Krawczuk May 15, 2019 02:37PM UTC Support Center agent

Thanks for the update, Mike.


Ambrozy Kleks May 22, 2019 07:46AM UTC
Hi,

So how to enable this TLS 1.3 support? I don't see this protocol version on the list when using "custom protocols and ciphers" and can't connect when using "default protocols". Tested with newest burp and newest java.

Thanks

Rose Krawczuk May 23, 2019 08:50AM UTC Support Center agent

Ambrozy, we’d expect that if you had Java 11 then you would see TLS 1.3 in the “custom protocols and ciphers”.

Could you try using the platform installer version of the latest version of Burp 2.x?

Please note that at present TLS 1.3 is supported between Burp and the target server, but is disabled between the browser and Burp, this is due to some errors encountered during testing.


Post Your public answer

Your name
Your email address
Answer