Quick and dirty guide to using Pi-hole with Stubby to provide both advertisement blocking and DNS over TLS. I’m using Fedora 30 ARM server edition on a Raspberry Pi 3.
Download Fedora Server ARM edition and write it to an SD card for the Raspberry Pi 3.
sudo fedora-arm-image-installer --resizefs --image=Fedora-Server-armhfp-30-1.2-sda.raw.xz --target=rpi3 --media=/dev/mmcblk0
Make sure your Raspberry Pi can already resolve DNS queries from some other source, such as your router or internet provider.
Firefox has (unfortunately) lagged behind other browsers recently when it comes to implementing the more secure TLS 1.2 and it’s only now officially landing in the upcoming release 27. It can always use more testing though and if you’re running version 26 you can still enable it and test.
Set the following:
This is the maximum supported protocol so it doesn’t mean that the sites you visit will now be using TLS 1.2. If you want to (try and) force it, there is a security.tls.version.min but be warned that probably most of your sites will fail.
You may also wish to disable this deprecated SSL3 algorithm:
You can test this out by browsing to http://howsmyssl.com.
Calomel is a handy addon (BSD licence) to tell you what your secure connection negotiated to when you visit a site and gives it a score.
If you notice breakage, please report upstream.