Here is the full list of TLS-related command-line parameters. They are available since The Bat! 8.5.8, except /TLS_DISABLE_ECDSA that became available since 9.1.10.
The /TLS_DISABLE_ECDSA parameter (available since version 9.1.10) just disables cipher suites with Ellipric Curve DSA server certificates, but not ephemeral elliptic curves keys. Thus, the perfect forward secrecy keeps working with this command-line parameter, but only RSA server certificates are used. The other command-line parameters.
- /DISABLE_TLS12
- /TLS_DISABLE_ECDHE
- /TLS_DISABLE_ECDSA
- /TLS_VERSION_RANGE:
- /TLS_DISABLE_PERFECT_FORWARD_SECRECY
- /TLS_FORCE_PERFECT_FORWARD_SECRECY
- /TLS_DISABLE_DHE
The /TLS_DISABLE_ECDSA parameter (available since version 9.1.10) just disables cipher suites with Ellipric Curve DSA server certificates, but not ephemeral elliptic curves keys. Thus, the perfect forward secrecy keeps working with this command-line parameter, but only RSA server certificates are used. The other command-line parameters.