diff --git a/backend/ftp/ftp.go b/backend/ftp/ftp.go
index fab9bb236..ee021a308 100644
--- a/backend/ftp/ftp.go
+++ b/backend/ftp/ftp.go
@@ -124,6 +124,11 @@ Increase if default size is not enough resulting in TLS resumption errors.
 Enabled by default. Use 0 to disable.`,
 			Default:  32,
 			Advanced: true,
+		}, {
+			Name:     "disable_tls13",
+			Help:     "Disable TLS 1.3 (workaround for FTP servers with buggy TLS)",
+			Default:  false,
+			Advanced: true,
 		}, {
 			Name:     config.ConfigEncoding,
 			Help:     config.ConfigEncodingHelp,
@@ -155,6 +160,7 @@ type Options struct {
 	TLS               bool                 `config:"tls"`
 	ExplicitTLS       bool                 `config:"explicit_tls"`
 	TLSCacheSize      int                  `config:"tls_cache_size"`
+	DisableTLS13      bool                 `config:"disable_tls13"`
 	Concurrency       int                  `config:"concurrency"`
 	SkipVerifyTLSCert bool                 `config:"no_check_certificate"`
 	DisableEPSV       bool                 `config:"disable_epsv"`
@@ -446,6 +452,9 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (ff fs.Fs
 		if opt.TLSCacheSize > 0 {
 			tlsConfig.ClientSessionCache = tls.NewLRUClientSessionCache(opt.TLSCacheSize)
 		}
+		if opt.DisableTLS13 {
+			tlsConfig.MaxVersion = tls.VersionTLS12
+		}
 	}
 	u := protocol + path.Join(dialAddr+"/", root)
 	ci := fs.GetConfig(ctx)