@@ -72,6 +72,8 @@ public class OpenSSLCipherConfigurationParser {
7272 */
7373 private static final Map <String ,List <Cipher >> aliases = new LinkedHashMap <>();
7474
75+ private static final Set <String > tls13CipherSuiteNames = new HashSet <>();
76+
7577 /**
7678 * the 'NULL' ciphers that is those offering no encryption. Because these offer no encryption at all and are a
7779 * security risk they are disabled unless explicitly included.
@@ -423,6 +425,16 @@ private static void init() {
423425 for (String jsseName : jsseNames ) {
424426 jsseToOpenSSL .put (jsseName , cipher .getOpenSSLAlias ());
425427 }
428+
429+ if (cipher .getProtocol ().equals (Protocol .TLSv1_3 )) {
430+ tls13CipherSuiteNames .add (cipher .getOpenSSLAlias ());
431+ /*
432+ * The TLS 1.3 cipher suites do not, currently (January 2026), have any alternative names defined so the
433+ * following two calls are NO-OPs but are implemented in case alternative names are used in the future.
434+ */
435+ tls13CipherSuiteNames .addAll (cipher .getOpenSSLAltNames ());
436+ tls13CipherSuiteNames .addAll (cipher .getJsseNames ());
437+ }
426438 }
427439 List <Cipher > allCiphersList = Arrays .asList (Cipher .values ());
428440 Collections .reverse (allCiphersList );
@@ -819,6 +831,20 @@ public static List<String> convertForJSSE(Collection<Cipher> ciphers) {
819831 return result ;
820832 }
821833
834+ /**
835+ * Determines if the provided name is the name of a TLS 1.3 cipher suite.
836+ *
837+ * @param cipherSuiteName The name to test
838+ *
839+ * @return {@code true} if the provided String is recognised as the name of a TLS 1.3 cipherSuite.
840+ */
841+ public static boolean isTls13Cipher (String cipherSuiteName ) {
842+ if (!initialized ) {
843+ init ();
844+ }
845+ return tls13CipherSuiteNames .contains (cipherSuiteName );
846+ }
847+
822848 /**
823849 * Parse the specified expression according to the OpenSSL syntax and returns a list of standard JSSE cipher names.
824850 *
0 commit comments