diff --git a/manifests/init.pp b/manifests/init.pp
index e3c20204..67d1057b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -386,7 +386,7 @@
 # $server_connect_timeout::                 How long the server will wait for a response to a connection attempt
 #
 # $server_ssl_protocols::                   Array of SSL protocols to use.
-#                                           Defaults to [ 'TLSv1.2' ]
+#                                           Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $server_ssl_chain_filepath::              Path to certificate chain for puppetserver
 #                                           Only used when $ca is true
diff --git a/manifests/params.pp b/manifests/params.pp
index 20b834b3..f4feb749 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -379,7 +379,7 @@
     'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
     'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
   ]
-  $server_ssl_protocols                   = ['TLSv1.2']
+  $server_ssl_protocols                   = ['TLSv1.3', 'TLSv1.2']
   $server_ssl_chain_filepath              = undef
   $server_check_for_updates               = true
   $server_environment_class_cache_enabled = false
diff --git a/manifests/server.pp b/manifests/server.pp
index bf4188fe..b47488fd 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -217,7 +217,7 @@
 #                                      Defaults to the Jetty default of 30s
 #
 # $ssl_protocols::                     Array of SSL protocols to use.
-#                                      Defaults to [ 'TLSv1.2' ]
+#                                      Defaults to [ 'TLSv1.3', 'TLSv1.2' ]
 #
 # $ssl_chain_filepath::                Path to certificate chain for puppetserver
 #                                      Defaults to "${ssl_dir}/ca/ca_crt.pem"