Disable TLS 1.0 and 1.1 and Enable DoH/DoT

noggie · October 13, 2019, 10:30am

Hi

I am really enjoying Brave but wanted to know how to:

Disable TLS 1.0 and 1.1 - I have disabled them withing the registry but when testing through https://www.ssllabs.com/ssltest/viewMyClient.html it still shows that TLS 1.0 and 1.1 are enabled.
Is it possible to Enable DoH/DoT? I currently use Quad 9 as my DNS provider and would like to use DoH if possible

Thanks

apnapn · November 20, 2019, 12:15pm

Chrome/Brave can only be made to use only TLS 1.2 and above by a command-line switch
This can be implemented by setting up a shortcut
!NOTE: ONLY starting Chrome/Brave from this shortcut will prevent use of insecure protocols.

To create a secure shortcut:

Right-click on your desktop and select “New”, then “Shortcut”.
In the "Create Shortcut” panel, browse to the location of your Chrome installation and select the Chrome icon – the default location is:
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”
“C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe”
Add the following command line switch –ssl-version-min=tls1.2 after the item location (i.e., after the ending quote) to appear thus:
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” --ssl-version-min=tls1.2
“C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe” -–ssl-version-min=tls1.2
Make sure and separate the switch from the location with a space.
Name the shortcut (SSL.com suggests giving it a unique name which will remind you that this shortcut is secure) and click “Finish”.
Again, the only way to be certain that your Chrome/Brave session is secure will be using your new shortcut.

DoH also needs a switch, hope this link can help you configure it correctly

Regards,
ApnApn

noggie · November 23, 2019, 3:04pm

Hi. Thank you for your reply. Unfortunately this does not seem to disable TLS 1.0 and 1.1. The broswer test at https://www.ssllabs.com/ still shows them as being available.

apnapn · November 25, 2019, 7:55am

Hi, thanks for poiting out that my shortcut doesnt work. But if you start from a command line with the switch, it does.
C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application>brave.exe --ssl-version-min=tls1.2
No not know why yet.

system · January 24, 2020, 7:55am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Does Brave support DNS over TLS?	2	1072	July 2, 2023
How to enable DNS-over-HTTPS (DoH) Desktop Support windows	8	45621	April 19, 2020
How to completely disable DoH on brave? (M/D + PiHole) Browser Support linux , android	1	1178	July 13, 2020
DNS over HTTPS doesn't work anymore on Brave Desktop Desktop Support windows	44	10545	August 24, 2022
DNS over https march 2020 Desktop Support	2	481	May 4, 2020
DoH not working on Brave Desktop Support	3	697	February 9, 2020
Solved: Brave browser commandline switches don't always work in Windows 10 Desktop Support windows	3	1635	February 3, 2021
Support for DNS over HTTPS Desktop Requests	7	7409	December 30, 2019

Disable TLS 1.0 and 1.1 and Enable DoH/DoT

Related topics