diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cdecd36345..929e2b5a9e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -92,8 +92,11 @@ Changed
   Contributed by @Kami.
 * Default nginx config (``conf/nginx/st2.conf``) which is used by the installer and Docker
-  images has been updated to only support TLS v1.2 (support for TLS v1.0 and v1.1 has been
-  removed). #5183
+  images has been updated to only support TLS v1.2 and TLS v1.3 (support for TLS v1.0 and v1.1
+  has been removed).
+
+  Keep in mind that TLS v1.3 will only be used when nginx is running on more recent distros
+  where nginx is compiled against OpenSSL v1.1.1 which supports TLS 1.3. #5183 #5216
   Contributed by @Kami and @shital.
diff --git a/conf/HA/nginx/st2.conf.blueprint.sample b/conf/HA/nginx/st2.conf.blueprint.sample
index 293cdb31f5..91f3cdafd6 100644
--- a/conf/HA/nginx/st2.conf.blueprint.sample
+++ b/conf/HA/nginx/st2.conf.blueprint.sample
@@ -29,7 +29,7 @@ server {
     ssl_certificate_key /etc/ssl/st2/st2.key;
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
     ssl_prefer_server_ciphers on;
diff --git a/conf/HA/nginx/st2.conf.controller.sample b/conf/HA/nginx/st2.conf.controller.sample
index 3a3063dbf7..b7108f56c8 100644
--- a/conf/HA/nginx/st2.conf.controller.sample
+++ b/conf/HA/nginx/st2.conf.controller.sample
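Review bot: Enabling `TLSv1.3` on the added `ssl_protocols` line leaves the `ssl_ciphers` context line directly below it untouched, and that list still permits static-RSA key exchange and CBC/SHA-1 suites under TLS 1.2 (`AES128-SHA`, `DHE-RSA-AES128-SHA`, and everything `HIGH` pulls in), while several listed names (`ECDHE-RSA-AES128-GCM-SHA384`, `AES128-SHA128`, `DHE-RSA-AES128-GCM-SHA128`) are not valid OpenSSL cipher names and appear to be silently ignored, so the effective list is narrower than it reads. A minimal tightening that keeps the existing shape is to extend the exclusion tail, `...:!PSK:!RC4:!kRSA:!SHA1;`, and drop the invalid entries; note that TLS 1.3 suites come from OpenSSL's separate ciphersuite list and are not governed by `ssl_ciphers` at all. Separately, nginx releases before 1.13.0 reject the `TLSv1.3` token as an invalid `ssl_protocols` value rather than ignoring it, so the CHANGELOG's statement that TLS 1.3 is merely unused on older distros should be checked against the oldest nginx the installer targets. The same points apply to the identical hunks in conf/HA/nginx/st2.conf.controller.sample and conf/nginx/st2.conf. The enclosing `server {` block starts and ends outside the hunk.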
@@ -34,7 +34,7 @@ server {
     ssl_certificate_key /etc/ssl/st2/st2.key;
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
     ssl_prefer_server_ciphers on;
diff --git a/conf/nginx/st2.conf b/conf/nginx/st2.conf
index 6d1f4a2155..96394ccce4 100644
--- a/conf/nginx/st2.conf
+++ b/conf/nginx/st2.conf
@@ -36,7 +36,7 @@ server {
     ssl_certificate_key /etc/ssl/st2/st2.key;
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1.2;
+    ssl_protocols TLSv1.2 TLSv1.3;
     ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
     ssl_prefer_server_ciphers on;