Hi guys, I've tested this patch with:

./src/wget --secure-protocol=TLSv1_3 https://tls13.crypto.mozilla.org/
--2018-07-16 19:45:31-- https://tls13.crypto.mozilla.org/
Resolving tls13.crypto.mozilla.org... 52.32.149.186
Connecting to tls13.crypto.mozilla.org|52.32.149.186|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3456 (3.4K) [text/html]
Saving index.html.

index.html.3 100%[===================>] 3.38K --.-KB/s in 0s

2018-07-16 19:45:32 (63.2 MB/index.html. saved [3456/3456]
3s)

diff --git a/src/gnutls.c b/src/gnutls.c
index 07844c52..6ceec705 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -564,6 +564,9 @@ set_prio_default (gnutls_session_t session)
case secure_protocol_tlsv1_2:
err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1", NULL);
break;
+ case secure_protocol_tlsv1_3:
+ err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2:+VERS-TLS1.3", NULL);
+ break;

case secure_protocol_pfs:
err = gnutls_priority_set_direct (session, "PFS:-VERS-SSL3.0", NULL);
@@ -610,6 +613,11 @@ set_prio_default (gnutls_session_t session)
err = gnutls_protocol_set_priority (session, allowed_protocols);
break;

+ case secure_protocol_tlsv1_3:
+ allowed_protocols[0] = GNUTLS_TLS1_3;
+ err = gnutls_protocol_set_priority (session, allowed_protocols);
+ break;
+
default:
logprintf (LOG_NOTQUIET, _("GnuTLS: unimplemented 'secure-protocol' option value %d\n"), opt.secure_protocol);
logprintf (LOG_NOTQUIET, _("Please report this issue to bug-***@gnu.org\n"));