Disable TLS 1.0 and 1.1 and Enable DoH/DoT

Hi

I am really enjoying Brave but wanted to know how to:

  • Disable TLS 1.0 and 1.1 - I have disabled them withing the registry but when testing through https://www.ssllabs.com/ssltest/viewMyClient.html it still shows that TLS 1.0 and 1.1 are enabled.

  • Is it possible to Enable DoH/DoT? I currently use Quad 9 as my DNS provider and would like to use DoH if possible

Thanks

2 Likes

Chrome/Brave can only be made to use only TLS 1.2 and above by a command-line switch
This can be implemented by setting up a shortcut
!NOTE: ONLY starting Chrome/Brave from this shortcut will prevent use of insecure protocols.

To create a secure shortcut:

  1. Right-click on your desktop and select “New”, then “Shortcut”.

  2. In the "Create Shortcut” panel, browse to the location of your Chrome installation and select the Chrome icon – the default location is:
    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
    “C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe”

  3. Add the following command line switch –ssl-version-min=tls1.2 after the item location (i.e., after the ending quote) to appear thus:
    “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --ssl-version-min=tls1.2
    “C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe” -–ssl-version-min=tls1.2
    Make sure and separate the switch from the location with a space.

  4. Name the shortcut (SSL.com suggests giving it a unique name which will remind you that this shortcut is secure) and click “Finish”.

  5. Again, the only way to be certain that your Chrome/Brave session is secure will be using your new shortcut.

DoH also needs a switch, hope this link can help you configure it correctly

Regards,
ApnApn

Hi. Thank you for your reply. Unfortunately this does not seem to disable TLS 1.0 and 1.1. The broswer test at https://www.ssllabs.com/ still shows them as being available.

Hi, thanks for poiting out that my shortcut doesnt work. But if you start from a command line with the switch, it does.
C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application>brave.exe --ssl-version-min=tls1.2
No not know why yet.