Another way appears to be not using encrypted and unecrupted connections simultaneously.
Opera remains the only browser that deploys TLS 1.2 by default.
The only major browser, certainly.
GnuTLS supports TLS 1.2, so browsers that use it may support TLS 1.2, but a bit of searching reveals that some browsers have it disabled because of backward compatibility issues with some sites. I wonder how Opera deals with these?