TLS 1.3 support has been backported to Java 8 in 8u272 which was release in October 2020. It will have been pulled in by any user that is getting Java security updates and is in all supported LTS OS streams (Redhat 7, Ubuntu 18.04, ...).
Moreover it appears that adding the TLSv1.3 protocol and cipher suites to the existing TLSv1.2 cipher suites is handled correctly, making TLS1.3 connections where available and downgrading to TLSv1.2 when not.
- Add the TLSv1.3 and applicable cipher suites to tk-jetty9 and release it in all support FOSS streams (eg Puppet Server and PDB 6.x and 7.x). The TLS 1.3 ciphers suites that should be added to the existing TLSv1.2 suites are listed here: https://confluence.puppetlabs.com/display/SRE/TLS+Usage+Standard
- Double check the existing cipher suites against the preferred order listed here: https://confluence.puppetlabs.com/display/SRE/TLS+Usage+Standard
This work should be completed and release to users prior to the PE build where we want to enable TLSv1.3.