diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 866ca4dfa9..4654becf1d 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -31,7 +31,25 @@ const unsigned char tls12downgrade[] = {
 };
 
 /* The list of available TLSv1.3 ciphers */
+/* Since nginx can not set the TLS 1.3 cipher, remove it temporarily. */
 static SSL_CIPHER tls13_ciphers[] = {
+    {
+        0,
+    }
+};
+
+/*
+ * The list of available ciphers, mostly organized into the following
+ * groups:
+ *      Always there
+ *      EC
+ *      PSK
+ *      SRP (within that: RSA EC PSK)
+ *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
+ *      Weak ciphers
+ */
+static SSL_CIPHER ssl3_ciphers[] = {
+    /* TLSv1.3 ciphers */
     {
         1,
         TLS1_3_RFC_AES_128_GCM_SHA256,
@@ -111,20 +129,8 @@ static SSL_CIPHER tls13_ciphers[] = {
         SSL_HANDSHAKE_MAC_SHA256,
         128,
         128,
-    }
-};
-
-/*
- * The list of available ciphers, mostly organized into the following
- * groups:
- *      Always there
- *      EC
- *      PSK
- *      SRP (within that: RSA EC PSK)
- *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
- *      Weak ciphers
- */
-static SSL_CIPHER ssl3_ciphers[] = {
+    },
+    /* List of cipher below TLSv1.3 */
     {
      1,
      SSL3_TXT_RSA_NULL_MD5,
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 14066d0ea4..458b67f383 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -294,6 +294,7 @@ static const SSL_CIPHER cipher_aliases[] = {
     {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
     {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
     {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+    {0, "TLS13", NULL, 0, 0, 0, 0, 0, TLS1_3_VERSION},
 
     /* strength classes */
     {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
@@ -1538,6 +1539,9 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
     ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
                           CIPHER_BUMP, -1, &head, &tail);
 
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_3_VERSION, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+
     /* Now disable everything (maintaining the ordering!) */
     ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
@@ -1594,15 +1598,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         return NULL;
     }
 
-    /* Add TLSv1.3 ciphers first - we always prefer those if possible */
-    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
-        if (!sk_SSL_CIPHER_push(cipherstack,
-                                sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
-            sk_SSL_CIPHER_free(cipherstack);
-            return NULL;
-        }
-    }
-
     /*
      * The cipher selection for the list is done. The ciphers are added
      * to the resulting precedence to the STACK_OF(SSL_CIPHER).