TLS 1.3 Ciphers are not recognised #12

@danielhodder

In TLS 1.3 the specification changed the way that ciphers are represented, dropping a lot of the components in the Cipher Spec names. The names now follow the format TLS_AEAD_HASH (ref: https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4). Currently Grok looks for the _WITH_ marker in the cipher spec and bails if it can't find it (https://github.com/timw/groktls/blob/master/src/main/java/org/archie/groktls/impl/cipher/CipherSuiteParserImpl.java#L56). This makes it impossible to parse any of the TLS 1.3 ciphers, and so means that any server using Grok to filter ciphers for use on a server will never expose TLS 1.3 (since the 1.3 ciphers will never be selected); similarly, on the client, a client will never select these.

A trivial test for this is:

```java
@Test
public void test() {
    assertNotNull(new GrokTLS().createCipherSuiteParser().parse("TLS_AES_128_GCM_SHA256"));
}
```
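A standalone sketch of a name parser that accepts both the pre-1.3 `_WITH_` form and the TLS 1.3 `TLS_AEAD_HASH` form described in the issue. This is an added example, not groktls code and not part of the original post; the class, record and method names are hypothetical, the sample names are constructed input, and it assumes Java 16 or later for records.

```java
import java.util.regex.Pattern;

public class CipherSuiteNames {
    // keyExchange is null for TLS 1.3 suites, which no longer name one.
    // hash is null for pre-1.3 suites whose name carries no hash suffix.
    record Suite(String keyExchange, String cipher, String hash) {}

    private static final Pattern HASH = Pattern.compile("SHA\\d*|MD5");

    static Suite parse(String name) {
        if (!name.startsWith("TLS_") && !name.startsWith("SSL_")) {
            throw new IllegalArgumentException("not a cipher suite name: " + name);
        }
        String body = name.substring(4);
        int with = body.indexOf("_WITH_");
        // A missing _WITH_ is no longer an error: it selects the TLS 1.3 form.
        String kx = with < 0 ? null : body.substring(0, with);
        String rest = with < 0 ? body : body.substring(with + "_WITH_".length());

        int last = rest.lastIndexOf('_');
        String tail = rest.substring(last + 1);
        if (last > 0 && HASH.matcher(tail).matches()) {
            return new Suite(kx, rest.substring(0, last), tail);
        }
        if (kx != null) {
            // Pre-1.3 CCM suites (e.g. ..._WITH_AES_128_CCM_8) have no hash suffix.
            return new Suite(kx, rest, null);
        }
        // No _WITH_ and no trailing hash: a signalling value such as
        // TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not a TLS 1.3 suite.
        throw new IllegalArgumentException("unrecognised cipher suite name: " + name);
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed sample input
            "TLS_AES_128_GCM_SHA256",
            "TLS_CHACHA20_POLY1305_SHA256",
            "TLS_AES_128_CCM_8_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
            "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + parse(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> rejected");
            }
        }
    }
}
```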
