Today I noticed by experiment that Google Chrome (69.0.3497.100) and Firefox (62.0.3) both were willing to connect to a server which only supported TLS 1.0, even though the corresponding support was removed in the browser settings.
In Wireshark I could see the client asking for TLS 1.2 and the server responding that only a lesser version of TLS is supported -- the browser happily continued to connect.
On the other hand, MS Edge, after removing TLS 1.0 and TLS 1.1 support in the Internet Explorer settings (I could not find the setting in Edge) refused to connect to that server. It only connected after adding TLS 1.0 and 1.1 support again or after enabling TLS 1.2 in the server.
Which behavior is correct?
And is there a way to not allow Chrome or Firefox to connect to a server which does not support TLS 1.2? Of coure I could try to remove support on OS level, but I'm not sure whether I want to do that.