diff --git a/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java b/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java
index e4805ee977..bb4706a772 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/dependencies/ApplicationDependencyProvider.java
@@ -261,7 +261,7 @@ public class ApplicationDependencyProvider implements AppDependencies.Provider {
   public @NonNull Network provideLibsignalNetwork(@NonNull SignalServiceConfiguration config) {
     Network network = new Network(BuildConfig.LIBSIGNAL_NET_ENV, StandardUserAgentInterceptor.USER_AGENT);
     LibSignalNetworkExtensions.applyConfiguration(network, config);
-    LibSignalNetworkExtensions.transformAndSetRemoteConfig(network, RemoteConfig.getMemoryValues());
+    LibSignalNetworkExtensions.buildAndSetRemoteConfig(network, RemoteConfig.libsignalEnforceMinTlsVersion());
 
     return network;
   }
diff --git a/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt b/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt
index e4b9daf845..5761f0ca1a 100644
--- a/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/util/RemoteConfig.kt
@@ -992,6 +992,14 @@ object RemoteConfig {
     value.asBoolean(false) || Environment.IS_NIGHTLY
   }
 
+  @JvmStatic
+  @get:JvmName("libsignalEnforceMinTlsVersion")
+  val libsignalEnforceMinTlsVersion by remoteBoolean(
+    key = "android.libsignalEnforceMinTlsVersion",
+    defaultValue = false,
+    hotSwappable = false
+  )
+
   /** Whether or not to launch the restore activity after registration is complete, rather than before.  */
   @JvmStatic
   @get:JvmName("restoreAfterRegistration")
diff --git a/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/websocket/LibSignalNetworkExtensions.kt b/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/websocket/LibSignalNetworkExtensions.kt
index 0e2d62a015..fffb973ca3 100644
--- a/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/websocket/LibSignalNetworkExtensions.kt
+++ b/libsignal-service/src/main/java/org/whispersystems/signalservice/internal/websocket/LibSignalNetworkExtensions.kt
@@ -10,18 +10,15 @@ import org.signal.core.util.logging.Log
 import org.signal.core.util.orNull
 import org.signal.libsignal.net.Network
 import org.whispersystems.signalservice.internal.configuration.SignalServiceConfiguration
-import org.whispersystems.signalservice.internal.util.JsonUtil
 import java.io.IOException
 
 private const val TAG = "LibSignalNetworkExtensions"
 
-fun Network.transformAndSetRemoteConfig(remoteConfig: Map<String, Any>) {
-  val libsignalRemoteConfig: Map<String, String> = remoteConfig
-    .filterKeys { it.startsWith("android.libsignal.") }
-    .mapKeys { (k, _) -> k.removePrefix("android.libsignal.") }
-    // libsignal-net's RemoteConfig diverges from JSON-spec by not quoting string values.
-    .mapValues { (_, v) -> (v as? String) ?: JsonUtil.toJson(v) }
-
+fun Network.buildAndSetRemoteConfig(enforceMinTls: Boolean) {
+  val libsignalRemoteConfig: HashMap<String, String> = HashMap()
+  if (enforceMinTls) {
+    libsignalRemoteConfig["enforceMinimumTls"] = ""
+  }
   this.setRemoteConfig(libsignalRemoteConfig)
 }