Index: /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/chinese.php
===================================================================
--- /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/chinese.php	(revision 20536)
+++ /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/chinese.php	(working copy)
@@ -5481,6 +5481,7 @@
 	'svd_inactivity_warining_msg' => '闲置超时警告时间的值应该在1到30之间。',
 	'ip_netpool_keepalive_interval' => 'Netpool保持活动间隔*',
 	'tls_v12' => 'TLSv12',
+	'tls_v13' => 'TLSv13',
 	'localdb_autobackup' => '本地数据库自动备份',
 	'localdb_autobackup_count' => '数量',
 	'localdb_autobackup_time' => '时间',
Index: /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/default.php
===================================================================
--- /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/default.php	(revision 20536)
+++ /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/default.php	(working copy)
@@ -3371,6 +3371,7 @@
 	'ssl_protocol_support' => 'SSL Protocol Support',
 	'ssl_v3' => 'SSLv3',
 	'tls_v1' => 'TLSv1',
+	'tls_v13' => 'TLSv13',
 	'sm2_v11' => 'SM2v11',
 	'ssl_protocol_support_empty' => 'At least one type of SSL protocol should be selected.',
 	'enable_session_reuse' => 'Enable SSL Session Cache',
Index: /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/japanese.php
===================================================================
--- /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/japanese.php	(revision 20536)
+++ /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/japanese.php	(working copy)
@@ -5431,6 +5431,7 @@
 	'note_vpnmotionpro' => '*注: MotionPro サービスが無効になっていると、DesktopDirect、Portal Bookmark 機能等が動作しません。',
 	'ip_netpool_keepalive_interval'               => 'ネットプール Keep-alive 間隔*',
 	'tls_v12' => 'TLSv12',
+	'tls_v13' => 'TLSv13',
 	'role_edit_msg' => '説明や優先順位を変更するには、セルをクリックし、"F2"、"Enter"を押すか、セルをダブルクリックしてください。変更を保存するには、対象のセルの外でマウスをクリックしてください。<br>優先順位の値は1-2000の間となります: 数字が大きければ大きいほど、ユーザロールの優先度が低くなります。',
 	'navNode_gVPN' => 'VPN',
 	'localdb_autobackup' => 'LocalDB 自動バックアップ',
Index: /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/traditional_chinese.php
===================================================================
--- /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/traditional_chinese.php	(revision 20536)
+++ /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/inc/language/traditional_chinese.php	(working copy)
@@ -5481,6 +5481,7 @@
 	'svd_inactivity_warining_msg' => '閒置超時警告時間的值應在1到30之間。',
 	'ip_netpool_keepalive_interval' => 'Netpool保持活動間隔*',
 	'tls_v12' => 'TLSv12',
+	'tls_v13' => 'TLSv13',
 	'localdb_autobackup' => '本地資料庫自動備份',
 	'localdb_autobackup_count' => '數量',
 	'localdb_autobackup_time' => '時間',
Index: /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/incVirtual/siteConfig/securitySettings/clientSec/class.cliWrap_gSharedCipher.php
===================================================================
--- /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/incVirtual/siteConfig/securitySettings/clientSec/class.cliWrap_gSharedCipher.php	(revision 20536)
+++ /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/incVirtual/siteConfig/securitySettings/clientSec/class.cliWrap_gSharedCipher.php	(working copy)
@@ -119,6 +119,8 @@
 						'ECDHE-ECDSA-AES256-GCM-SHA384' => array(-1, '256 bit AES-GCM (ECDHE-ECDSA/SHA384)'),
 						'ECC-SM4-SM3' => array(-1, '128 bit SM4 (ECC/SM3)'),
 						'ECDHE-SM4-SM3' => array(-1, '128 bit SM4 (ECDHE/SM3)'),
+						'TLS-AES128-GCM-SHA256' => array(-1, '128-bit TLSv13-AES-GCM (SHA256)'),
+						'TLS-AES256-GCM-SHA384' => array(-1, '256-bit TLSv13-AES-GCM (SHA384)'),
 			);
 			$this->signalgoRawData = array(
 						'sha256ECDSA' => array(-1, 'sha256ECDSA'),
Index: /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/incVirtual/siteConfig/securitySettings/clientSec/class.cliWrap_gSharedSSLGeneral.php
===================================================================
--- /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/incVirtual/siteConfig/securitySettings/clientSec/class.cliWrap_gSharedSSLGeneral.php	(revision 20536)
+++ /branches/rel_ag_9_4_5_ssl_tls13/webui/proxy/new/incVirtual/siteConfig/securitySettings/clientSec/class.cliWrap_gSharedSSLGeneral.php	(working copy)
@@ -132,43 +132,33 @@
 				case ($this->classId . '_supportProtocols_SSLv3'):
 				case ($this->classId . '_supportProtocols_TLSv1'):
 				case ($this->classId . '_supportProtocols_TLSv12'):
+				case ($this->classId . '_supportProtocols_TLSv13'):
 				case ($this->classId . '_supportProtocols_SM2v11'):
 				// ------------------------------------------------------------
-				// Support SSLv3/TLSv1/TLSv12/SM2v11
+				// Support SSLv3/TLSv1/TLSv12/TLSv13/SM2v11
 				// ------------------------------------------------------------
-					$t_protocol = '';
-					//  SM2v11 is supported
+					$t_protocolArray = array();
+
+					// Check each protocol and add to array if selected
 					if(isset($_POST[$this->classId . '_supportProtocols_SM2v11'])) {
-						$t_protocol = 'SM2v11';
-				    } 
+						$t_protocolArray[] = 'SM2v11';
+					}
 					if(isset($_POST[$this->classId . '_supportProtocols_SSLv3'])) {
-						//  sslv3 is supported 
-						//  sslv3 is supported ,tlsv1 is supported 
-						if ($t_protocol == '') {
-							$t_protocol = 'SSLv3';
-						} else {
-							$t_protocol .= ':SSLv3';
-						}
+						$t_protocolArray[] = 'SSLv3';
+					}
+					if(isset($_POST[$this->classId . '_supportProtocols_TLSv1'])) {
+						$t_protocolArray[] = 'TLSv1';
 					}
 					if(isset($_POST[$this->classId . '_supportProtocols_TLSv12'])) {
-						//  TLSv1 is supported 
-						//  TLSv1 is supported ,tlsv1 is supported 
-						if ($t_protocol == '') {
-							$t_protocol = 'TLSv12';
-						} else {
-							$t_protocol .= ':TLSv12';
-						}
+						$t_protocolArray[] = 'TLSv12';
 					}
-					if(isset($_POST[$this->classId . '_supportProtocols_TLSv1'])) {
-						//  TLSv12 is supported 
-						//  TLSv12 is supported ,tlsv12 is supported 
-						if ($t_protocol == '') {
-							$t_protocol = 'TLSv1';
-						} else {
-							$t_protocol .= ':TLSv1';
-						}
+					if(isset($_POST[$this->classId . '_supportProtocols_TLSv13'])) {
+						$t_protocolArray[] = 'TLSv13';
 					}
 
+					// Convert array to colon-separated string
+					$t_protocol = implode(':', $t_protocolArray);
+
 					if ($t_protocol != '') {
 						$t_errStr = cli::cmd_direct('ssl settings protocol ' . $t_protocol);
 						if (!empty($t_errStr)) {
@@ -177,7 +167,7 @@
 					} else {
 						$this->jsOnLoadEnd = 'g_errStr += "' . language::translate('ssl_protocol_support_empty') . '";';
 					}
-					
+
 					break;
 				case ($this->classId . '_enableSessionReuse'):
 				// ------------------------------------------------------------
@@ -190,7 +180,7 @@
 				// Enable/disable ssl renegotiation
 				// ------------------------------------------------------------
 					$t_errStr = cli::cmd_direct(((isset($_POST[$data])) ? '' : 'no ') . 'ssl settings renegotiation');
-					break; 
+					break;
 				case ($this->classId . '_enableSSLLegacyRenegotiation'):
 					$t_errStr = cli::cmd_direct(((isset($_POST[$data])) ? '' : 'no ') . 'ssl settings reneg legacy');
 					break;
@@ -255,7 +245,7 @@
 	********************************************************************/
     function setMainContent () {
 		global $g_tabIndex; // Use to assign tab index order
-		
+
 		// ------------------------------------------------------------
 		// Parse cli response for data
 		// ------------------------------------------------------------
@@ -265,32 +255,16 @@
 
 		$t_isSSLv3Enabled = (preg_match('/SSLv3/',$t_cliResp) > 0) ? TRUE : FALSE;
 		$t_supportSSLv3 = $t_isSSLv3Enabled;
-		
+
 		// Check if SSL is enabled
 		$t_cli_showSSLStat = cli::cmd_direct("show run ssl");
 		$this->isSSLEnabled  = (strpos($t_cli_showSSLStat, "ssl start") !== false) ? TRUE : FALSE;
 
-		// check whether TLSV1 and TLSV12 should be checked
-		$result = substr_count($t_cliResp, 'TLSv1');
-		if ($result > 1) {
-			$t_supportTLSv1 = TRUE;
-			$t_supportTLSv12 = TRUE;
-		}
-		elseif ($result == 1) {
-				if (preg_match('/TLSv12/', $t_cliResp) > 0) {
-					$t_supportTLSv1 = FALSE;
-					$t_supportTLSv12 = TRUE;
-				}
-				else {
-					$t_supportTLSv1 = TRUE;
-					$t_supportTLSv12 = FALSE;
-				}
-		}
-		else {
-			$t_supportTLSv1 = FALSE;
-			$t_supportTLSv12 = FALSE;
-		}
-		
+		// check whether TLSV1, TLSV12 and TLSv13 should be checked (independent detection)
+		$t_supportTLSv1 = (preg_match('/\bTLSv1\b/', $t_cliResp) > 0) ? TRUE : FALSE;
+		$t_supportTLSv12 = (preg_match('/TLSv12/', $t_cliResp) > 0) ? TRUE : FALSE;
+		$t_supportTLSv13 = (preg_match('/TLSv13/', $t_cliResp) > 0) ? TRUE : FALSE;
+
 		$t_isSessionReuseEnabled = (preg_match('/Session Reuse[^C]*enabled/',$t_cliResp) > 0) ? TRUE : FALSE;
 		$this->isSSLRenegotiationEnabled = (preg_match('/SSL renegotiation[\s]*?:[\s]*?enabled/',$t_cliResp) > 0) ? TRUE : FALSE;
 		$t_ssl_legacy_renegotiation = (preg_match('/SSL legacy renegotiation[\s]*?:[\s]*?enabled/',$t_cliResp) > 0) ? TRUE : FALSE;
@@ -304,7 +278,7 @@
 		} else {
 			$t_ocspURL = '';
 		}
-								
+
 		$this->mainContent = anLib_htmlCode::pageSectionStart('general_ssl_settings', 1, $this->getSectionHeaderBtns());
 		$this->mainContent .= anLib_htmlCode::cliWrap_startTable();
 		// ------------------------------------------------------------
@@ -324,12 +298,13 @@
 				$this->mainContent .= '		<TD class="fieldLabel">';
 				$this->mainContent .=			language::translate('ssl_protocol_support') . ':</TD>';
 				$this->mainContent .= '		<TD>';
-				
+
 				$this->mainContent .=			language::translate('ssl_v3') . anLib_htmlCode::checkbox('_supportProtocols_SSLv3', $this, $t_supportSSLv3, $g_tabIndex++, 'onclick="onSSLSelected();formAction_add(\'' . $this->classId . '_supportProtocols_SSLv3\');"') . anLib_htmlCode::fieldSpacer();
 				$this->mainContent .=			language::translate('tls_v1') . anLib_htmlCode::checkbox('_supportProtocols_TLSv1', $this, $t_supportTLSv1, $g_tabIndex++, 'onclick="onSSLSelected();formAction_add(\'' . $this->classId . '_supportProtocols_TLSv1\');"') . anLib_htmlCode::fieldSpacer(); 
 				$this->mainContent .=			language::translate('tls_v12') . anLib_htmlCode::checkbox('_supportProtocols_TLSv12', $this, $t_supportTLSv12, $g_tabIndex++, 'onclick="onSSLSelected();formAction_add(\'' . $this->classId . '_supportProtocols_TLSv12\');"') . anLib_htmlCode::fieldSpacer();
+				$this->mainContent .=			language::translate('tls_v13') . anLib_htmlCode::checkbox('_supportProtocols_TLSv13', $this, $t_supportTLSv13, $g_tabIndex++, 'onclick="onSSLSelected();formAction_add(\'' . $this->classId . '_supportProtocols_TLSv13\');"') . anLib_htmlCode::fieldSpacer();
 				$this->mainContent .=			language::translate('sm2_v11') . anLib_htmlCode::checkbox('_supportProtocols_SM2v11', $this, $t_supportSM2v11, $g_tabIndex++, 'onclick="onSSLSelected();formAction_add(\'' . $this->classId . '_supportProtocols_SM2v11\');"') .'</TD></TR>';
-								
+
 				$this->mainContent .= anLib_htmlCode::cliWrap_rowCheckBox('_enableSessionReuse',
 					'enable_session_reuse',
 					$this,