Burp Suite User Forum

Login to post

Enable TLSv1.3 support

Mike | Last updated: May 14, 2019 07:45AM UTC

Hi everyone, Is it possible to use Burp with TLSv1.3 support? From some things I've read it sounds like people are using it for this purpose, but I Googled quite a bit and can't find any specific instructions on how to enable this functionality. Thanks for your patience with what might be a very novice question, Mike

Rose, PortSwigger Agent | Last updated: May 14, 2019 10:41AM UTC

So at present TLS 1.3 is supported between Burp and the target server, but is disabled between the browser and Burp, this is due to some errors encountered during testing. We thought that this would not cause issues as all browsers supported TLS 1.2. Have you encountered a browser that doesn't support TLS 1.2?

Burp User | Last updated: May 14, 2019 07:08PM UTC

Hi Rose, The issue I was having was that TLSv1.3 was not appearing in cipher suites in project options, but I took another stab at it today and seemed to solve the problem by running the .jar version from the command line instead of the executable. Thanks Mike

Rose, PortSwigger Agent | Last updated: May 15, 2019 02:29PM UTC

Thanks for the update, Mike.

Burp User | Last updated: May 22, 2019 07:46AM UTC

Hi, So how to enable this TLS 1.3 support? I don't see this protocol version on the list when using "custom protocols and ciphers" and can't connect when using "default protocols". Tested with newest burp and newest java. Thanks

Rose, PortSwigger Agent | Last updated: May 22, 2019 02:15PM UTC

Ambrozy, we'd expect that if you had Java 11 then you would see TLS 1.3 in the "custom protocols and ciphers". Could you try using the platform installer version of the latest version of Burp 2.x? Please note that at present TLS 1.3 is supported between Burp and the target server, but is disabled between the browser and Burp, this is due to some errors encountered during testing.

You need to Log in to post a reply. Or register here, for free.