diff --git a/src/protocol/curl/http.c b/src/protocol/curl/http.c
index 3d0549c3..e2349489 100644
--- a/src/protocol/curl/http.c
+++ b/src/protocol/curl/http.c
@@ -202,6 +202,14 @@ do_http(struct connection *conn) curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, (curl_off_t)get_opt_long("protocol.http.curl_max_recv_speed", NULL)); curl_easy_setopt(curl, CURLOPT_MAX_SEND_SPEED_LARGE, (curl_off_t)get_opt_long("protocol.http.curl_max_send_speed", NULL)); + if (conn->uri->protocol == PROTOCOL_HTTPS) { + char *ciphers = get_opt_str("protocol.https.curl_tls13_ciphers", NULL); + + if (ciphers && *ciphers) { + curl_easy_setopt(curl, CURLOPT_TLS13_CIPHERS, ciphers); + } + } + + if (bundle) { curl_easy_setopt(curl, CURLOPT_CAINFO, bundle); }
diff --git a/src/protocol/http/http.c b/src/protocol/http/http.c
index c396d66c..d2b5d0be 100644
--- a/src/protocol/http/http.c
+++ b/src/protocol/http/http.c
@@ -235,6 +235,12 @@ static union option_info http_options[] = { "https", OPT_ZERO, N_("HTTPS-specific options.")), +#if defined(CONFIG_LIBCURL) + INIT_OPT_STRING("protocol.https", N_("Curl TLS13 ciphers"), + "curl_tls13_ciphers", OPT_ZERO, "", + N_("Colon separated list of TLS13 ciphers. See https://curl.se/docs/ssl-ciphers.html")), +#endif + INIT_OPT_TREE("protocol.https", N_("Proxy configuration"), "proxy", OPT_ZERO, N_("HTTPS proxy configuration.")),
@@ -244,6 +250,7 @@ static union option_info http_options[] = { N_("Host and port-number (host:port) of the HTTPS CONNECT " "proxy, or blank. If it's blank, HTTPS_PROXY environment " "variable is checked as well.")), + NULL_OPTION_INFO, };
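Review bot: In the src/protocol/curl/http.c hunk the return value of `curl_easy_setopt(curl, CURLOPT_TLS13_CIPHERS, ciphers)` is discarded, so when the linked libcurl or its TLS backend does not implement the option the transfer continues with the default suites while the user believes the restriction is in force. Testing the result, `if (curl_easy_setopt(curl, CURLOPT_TLS13_CIPHERS, ciphers) != CURLE_OK)`, and then taking whatever error path do_http already uses would make the setting fail closed instead of open. The option exists only from libcurl 7.61.0, so a `#if LIBCURL_VERSION_NUM >= 0x073d00` guard around the added block would keep builds against older headers working. do_http begins and ends outside the hunk, so its error reporting is not visible here.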
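Review bot: In the src/protocol/http/http.c hunk at -235 the help text for `curl_tls13_ciphers` does not say that the list constrains only TLS 1.3 suites, which matters because a handshake that falls back to TLS 1.2 is not limited by it and nothing in this commit pins a minimum protocol version. I would word the description as `N_("Colon separated list of TLS 1.3 cipher suites passed to libcurl; empty keeps the libcurl default. TLS 1.2 and older are not affected. See https://curl.se/docs/ssl-ciphers.html")`. The empty-string default matches the `ciphers && *ciphers` test in the curl hunk, so that part is consistent. The http_options array starts and ends outside this hunk.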