
No support for TLS 1.3? Any reason for this, other than work?



It's listed in the "Possible future features" section...

Isn't TLS 1.3 currently still a draft? [1]

[1]: https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1...


Yes, TLS 1.3 is still in draft[1]. Heard from a co-worker on Friday (@grittygrease) that draft 14 should be arriving very soon. We (CloudFlare) have implemented draft 13 in Go and are actively testing it—try browsing https://tls13.cloudflare.com with Firefox nightly[2].

I think BoringSSL is also[3] working on their implementation and NSS (Firefox's SSL/TLS library) implemented[4] draft 11 in v3.23, but OpenSSL doesn't have plans to until after 1.1 ships[5]; I've heard the former is expected to land about 6 months prior to the latter as OpenSSL isn't starting until the RFC is finalized.

1 - https://tools.ietf.org/html/draft-ietf-tls-tls13-11 (draft 13)
2 - https://nightly.mozilla.org/
3 - https://www.imperialviolet.org/2015/10/17/boringssl.html
4 - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NS...
5 - https://www.openssl.org/policies/roadmap.html



Pat missed one bit: you need to head to about:config and set "security.tls.version.max" to 4.
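The two comments above come down to one question a practitioner wants to answer for any endpoint: given a server that caps the protocol at one version and a client that caps it at another (the Firefox `security.tls.version.max` knob is exactly such a client-side cap), which version does the handshake actually land on? The Go program below is an added example written for this thread; it is not CloudFlare's draft implementation, not code from the page, and it uses Go's standard `crypto/tls`, which implements the final RFC TLS 1.3 rather than the drafts discussed here. It assumes a loopback TCP port is available and builds a constructed, throw-away self-signed certificate for `localhost` on every run. The names `selfSignedCert` and `NegotiatedVersion` are mine; `MinVersion`/`MaxVersion` and `ConnectionState().Version` are the real `crypto/tls` fields.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a constructed, throw-away P-256 certificate for
// "localhost" (fresh key on every run) plus its parsed form for the trust pool.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// NegotiatedVersion runs one handshake between a loopback server capped at
// serverMax and a client capped at clientMax (both with a TLS 1.2 floor) and
// returns the version the client ends up on: the highest one both sides allow.
func NegotiatedVersion(serverMax, clientMax uint16) (uint16, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts only this constructed cert, no system roots
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	defer ln.Close() // also unblocks Accept if the client side fails early
	serverErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			serverErr <- err
			return
		}
		defer raw.Close()
		srv := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{cert},
			MinVersion:   tls.VersionTLS12,
			MaxVersion:   serverMax, // server-side cap, e.g. a stack that lacks 1.3
		})
		serverErr <- srv.Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return 0, err
	}
	cli := tls.Client(raw, &tls.Config{
		RootCAs:    pool,
		ServerName: "localhost",
		MinVersion: tls.VersionTLS12,
		MaxVersion: clientMax, // client-side cap, what version.max does in Firefox
	})
	defer cli.Close()
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	if err := <-serverErr; err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	// Three constructed pairings: both modern; server still on 1.2; client capped at 1.2.
	for _, p := range [][2]uint16{{tls.VersionTLS13, tls.VersionTLS13}, {tls.VersionTLS12, tls.VersionTLS13}, {tls.VersionTLS13, tls.VersionTLS12}} {
		v, err := NegotiatedVersion(p[0], p[1])
		fmt.Printf("server max 0x%04x, client max 0x%04x -> negotiated 0x%04x (err=%v)\n", p[0], p[1], v, err)
	}
}
```

`go run` prints 0x0304 (TLS 1.3) for the first pairing and 0x0303 (TLS 1.2) for the other two: either side's cap pulls the connection down, which is why a browser capped below 1.3 cannot tell you whether a server speaks it. The same `ConnectionState().Version` check works against a real host if the loopback listener is replaced by `tls.Dial` to that host, which is the defender-side way to confirm what an endpoint actually negotiates rather than what it advertises.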


Good point. You'd figure I'd remember this after Nick put it on the monster video wall: http://imgur.com/cf28rpt ;)


Think draft 13 is only deployed internally (as we're dogfooding it). Draft 11 is what's live unless you're on VPN. Nick (https://twitter.com/grittygrease) can confirm.


tls13.cloudflare.com now speaks draft 13


Oh. You're right. Got the numbers confused.


TLS 1.3 is too "modern".



