Chrome/Brave can only be made to use only TLS 1.2 and above by a command-line switch
This can be implemented by setting up a shortcut
!NOTE: ONLY starting Chrome/Brave from this shortcut will prevent use of insecure protocols.
To create a secure shortcut:
Right-click on your desktop and select “New”, then “Shortcut”.
In the "Create Shortcut” panel, browse to the location of your Chrome installation and select the Chrome icon – the default location is:
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
“C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe”
Add the following command line switch –ssl-version-min=tls1.2 after the item location (i.e., after the ending quote) to appear thus:
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --ssl-version-min=tls1.2
“C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe” -–ssl-version-min=tls1.2
Make sure and separate the switch from the location with a space.
Name the shortcut (SSL.com suggests giving it a unique name which will remind you that this shortcut is secure) and click “Finish”.
Again, the only way to be certain that your Chrome/Brave session is secure will be using your new shortcut.
DoH also needs a switch, hope this link can help you configure it correctly