diff --git a/manifests/init.pp b/manifests/init.pp
index 5352f0df..5f459212 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -386,7 +386,7 @@
 # $server_connect_timeout::                 How long the server will wait for a response to a connection attempt
 #
 # $server_ssl_protocols::                   Array of SSL protocols to use.
-#                                           Defaults to [ 'TLSv1.2' ]
+#                                           Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $server_ssl_chain_filepath::              Path to certificate chain for puppetserver
 #                                           Only used when $ca is true
diff --git a/manifests/params.pp b/manifests/params.pp
index 4eab6d50..a4f89851 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -387,7 +387,7 @@
     'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
     'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
   ]
-  $server_ssl_protocols                   = [ 'TLSv1.2' ]
+  $server_ssl_protocols                   = [ 'TLSv1.3', 'TLSv1.2' ]
   $server_ssl_chain_filepath              = undef
   $server_check_for_updates               = true
   $server_environment_class_cache_enabled = false
diff --git a/manifests/server.pp b/manifests/server.pp
index fc94aa87..a296d01b 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -217,7 +217,7 @@
 #                                      Defaults to the Jetty default of 30s
 #
 # $ssl_protocols::                     Array of SSL protocols to use.
-#                                      Defaults to [ 'TLSv1.2' ]
+#                                      Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $ssl_chain_filepath::                Path to certificate chain for puppetserver
 #                                      Defaults to "${ssl_dir}/ca/ca_crt.pem"