diff --git a/cmd/http/server.go b/cmd/http/server.go
index 8ee47fe41..e56a52a66 100644
--- a/cmd/http/server.go
+++ b/cmd/http/server.go
@@ -20,6 +20,7 @@ import (
 	"crypto/tls"
 	"errors"
 	"net/http"
+	"os"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -31,6 +32,13 @@ import (
 	"github.com/minio/minio/pkg/certs"
 )
 
+func init() {
+	// Opt-in to TLS 1.3. See: https://golang.org/pkg/crypto/tls
+	// In future Go versions TLS 1.3 probably gets enabled by default.
+	// So, we can remove this line as soon as this is the case.
+	os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+}
+
 const (
 	serverShutdownPoll = 500 * time.Millisecond