Index: /branches/rel_apv_10_7/usr/click/lib/libwebui/webui.h
===================================================================
--- /branches/rel_apv_10_7/usr/click/lib/libwebui/webui.h	(revision 39823)
+++ /branches/rel_apv_10_7/usr/click/lib/libwebui/webui.h	(working copy)
@@ -119,6 +119,7 @@
 #define CIPHER_ONLY_TLSV12              0x04
 #define CIPHER_COMMON                   0x08
 #define CIPHER_GCM                      0x10
+#define CIPHER_ONLY_TLSV13              0x20
 
 #define MAX_CIPHERSTR_SIZE              512
 #define MAX_PROTOCOL_SIZE               64
@@ -180,6 +181,9 @@
 	WEBUI_AES256_GCM_SHA384,
 	WEBUI_AES128_SHA256,
 	WEBUI_AES256_SHA256,
+	/* TLS 1.3 ciphers */
+	WEBUI_TLS_AES_128_GCM_SHA256,
+	WEBUI_TLS_AES_256_GCM_SHA384,
 };
 
 /*Restful API*/
Index: /branches/rel_apv_10_7/usr/click/lib/libwebui/webui.c
===================================================================
--- /branches/rel_apv_10_7/usr/click/lib/libwebui/webui.c	(revision 39823)
+++ /branches/rel_apv_10_7/usr/click/lib/libwebui/webui.c	(working copy)
@@ -128,6 +128,9 @@
 	{WEBUI_AES256_GCM_SHA384, "AES256-GCM-SHA384", CIPHER_RSA|CIPHER_GCM|CIPHER_ONLY_TLSV12, 0},
 	{WEBUI_AES128_SHA256, "AES128-SHA256", CIPHER_RSA|CIPHER_ONLY_TLSV12, 0},
 	{WEBUI_AES256_SHA256, "AES256-SHA256", CIPHER_RSA|CIPHER_ONLY_TLSV12, 0},
+	/* TLS 1.3 ciphers (lighttpd format) */
+	{WEBUI_TLS_AES_128_GCM_SHA256, "TLS-AES128-GCM-SHA256", CIPHER_GCM|CIPHER_ONLY_TLSV13, 0},
+	{WEBUI_TLS_AES_256_GCM_SHA384, "TLS-AES256-GCM-SHA384", CIPHER_GCM|CIPHER_ONLY_TLSV13, 0},
 };
 
 
@@ -233,7 +236,7 @@
 
 	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, 
 			"/ca/bin/build_config.py /ca/webui/conf/lighttpd.conf /var/run/new_webui.conf");
-	
+
         idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_port=%d", config_p->webui_port);
         idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_bind=\"%s\"", config_p->webui_ipstr);
 
@@ -269,7 +272,11 @@
 	if (config_p->ssl_proto & WEBUI_SSL_SSLv30) {
 		len += snprintf(ssl_protos+len, MAX_PROTOCOL_SIZE-len, "%s", is_exist ? ",SSLv3" : "SSLv3");
 	}
-	
+	if (config_p->ssl_proto & WEBUI_SSL_TLSv13) {
+		len += snprintf(ssl_protos+len, MAX_PROTOCOL_SIZE-len, "%s", is_exist ? ",TLSv1.3" : "TLSv1.3");
+		is_exist = 1;
+	}
+
 	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " ssl_protocol=\"%s\"", ssl_protos);
 
 	#if 0
@@ -2436,6 +2443,7 @@
 	int tlsv1_flag = 0;
 	int tlsv11_flag = 0;
 	int tlsv12_flag = 0;
+	int tlsv13_flag = 0;
 	userland_app_config_t *config_p = userland_app_config_attach();
 
 	if (!config_p) {
@@ -2445,7 +2453,7 @@
 
 	/* check protocol value valid */
 	if(strcasecmp(newvalue, "ALL") == 0) {
-		protos = WEBUI_SSL_SSLv30 | WEBUI_SSL_TLSv10 | WEBUI_SSL_TLSv11 | WEBUI_SSL_TLSv12;
+		protos = WEBUI_SSL_SSLv30 | WEBUI_SSL_TLSv10 | WEBUI_SSL_TLSv11 | WEBUI_SSL_TLSv12 | WEBUI_SSL_TLSv13;
 	} else {
 		newver = (char *)malloc((strlen(newvalue)+1)*sizeof(char));
 		if(newver == NULL) {
@@ -2507,12 +2515,22 @@
 					free(stringp);
 					return ERR_WEBUI_WRONG_SSL_PROTO;
 				}
+			} else if (strcasecmp(*stringp, "TLSv13") == 0) {
+				if(tlsv13_flag == 0) {
+					tlsv13_flag = 1;
+					protos |= WEBUI_SSL_TLSv13;
+				} else {
+					printf("The input protocols contain duplicated \"TLSv13\". Please input again.\n");
+					free(tofree);
+					free(stringp);
+					return ERR_WEBUI_WRONG_SSL_PROTO;
+				}
 			} else {
-				printf("Wrong versions, try SSLv3, TLSv1, TLSv11, TLSv12 again\n");
+				printf("Wrong versions, try SSLv3, TLSv1, TLSv11, TLSv12, TLSv13 again\n");
 				free(tofree);
 				free(stringp);
 				return ERR_WEBUI_WRONG_SSL_PROTO;
-			}	
+			}
 		}
 		free(tofree);
 		free(stringp);
@@ -2544,7 +2562,6 @@
 
 	config_p->ssl_proto = protos;
 	webui_reload();
-	
 
 	return ERR_WEBUI_OK;
 }
@@ -2555,7 +2572,7 @@
 	char ssl_ciphers[MAX_CIPHERSTR_SIZE] = {'\0'}, ssl_protos[MAX_PROTOCOL_SIZE] = {'\0'};
 	int i = 0, is_exist = 0, outlen = 0, len = 0;
 	userland_app_config_t *config_p = userland_app_config_attach();
-	
+
 	if (!config_p) {
 		printf("Internal error.\n");
 		return -1;
@@ -2575,12 +2592,12 @@
 			}
 		}
 	}
-	
+
 	outlen += sprintf(buff + outlen, "webui ssl settings ciphersuites \"%s\"\n", ssl_ciphers);
 
 	len = 0;
 	is_exist = 0;
-	
+
 	if (config_p->ssl_proto & WEBUI_SSL_SSLv30) {
 		len += snprintf(ssl_protos+len, MAX_PROTOCOL_SIZE-len, "%s", "SSLv3");
 		is_exist = 1;
@@ -2596,7 +2613,10 @@
 	if (config_p->ssl_proto & WEBUI_SSL_TLSv12) {
 		len += snprintf(ssl_protos+len, MAX_PROTOCOL_SIZE-len, "%s", is_exist ? ":TLSv12" : "TLSv12");
 	}
-	
+	if (config_p->ssl_proto & WEBUI_SSL_TLSv13) {
+		len += snprintf(ssl_protos+len, MAX_PROTOCOL_SIZE-len, "%s", is_exist ? ":TLSv13" : "TLSv13");
+	}
+
 	outlen += sprintf(buff + outlen, "webui ssl settings protocol \"%s\"\n", ssl_protos);
 
 	*p_length = outlen;
Index: /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/system/__init__.py
===================================================================
--- /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/system/__init__.py	(revision 39823)
+++ /branches/rel_apv_10_7/usr/click/webui/htdocs/new/src/apv/models/system/__init__.py	(working copy)
@@ -705,6 +705,7 @@
                                     ('TLSv1', 'TLSv1'),
                                     ('TLSv11', 'TLSv1.1'),
                                     ('TLSv12', 'TLSv1.2'),
+                                    # ('TLSv13', 'TLSv1.3'),
                                   )),
         'webui_cipher': MultiEnumField(verbose_name=_('WebUI Cipher Suites'), optional=True, values=(
                                     ('ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256'),
@@ -719,6 +720,8 @@
                                     ('AES256-GCM-SHA384', 'AES256-GCM-SHA384'),
                                     ('AES128-SHA256', 'AES128-SHA256'),
                                     ('AES256-SHA256', 'AES256-SHA256'),
+                                    # ('TLS-AES128-GCM-SHA256', 'TLS-AES128-GCM-SHA256'),
+                                    # ('TLS-AES256-GCM-SHA384', 'TLS-AES256-GCM-SHA384'),
                                   )),
         'webui_source_ip': AssoField2(verbose_name='WebUI Source IP Restriction Rule', tgt='system.WebUISourceIP.source_ip_tgt', mul='1', pos='left', optional=True, help_text='Note: Changing WebUI Source settings will disable your current WebUI session.')        
     })
Index: /branches/rel_apv_10_7/usr/src/sys/click/app/util/userland_app_config.h
===================================================================
--- /branches/rel_apv_10_7/usr/src/sys/click/app/util/userland_app_config.h	(revision 39823)
+++ /branches/rel_apv_10_7/usr/src/sys/click/app/util/userland_app_config.h	(working copy)
@@ -11,12 +11,13 @@
 }webui_src_t;
 
 /* Refer to webui.c */
-#define MAX_WEBUI_SSL_CIPHER_NUM 12 
+#define MAX_WEBUI_SSL_CIPHER_NUM 14
 
 #define WEBUI_SSL_SSLv30  0x01
 #define WEBUI_SSL_TLSv10  0x02
 #define WEBUI_SSL_TLSv11  0x04
 #define WEBUI_SSL_TLSv12  0x08
+#define WEBUI_SSL_TLSv13  0x10
 
 
 typedef struct {