Pages: 1
TLS-related command-line parameters
Here is the full list of TLS-related command-line parameters. They are available since The Bat! 8.5.8, except /TLS_DISABLE_ECDSA that became available since 9.1.10.
The "/TLS_VERSION_RANGE:0-3" command line parameter is needed to specify lowest and highest SSL/TLS version minor byte number that The Bat! should support. "0" means SSL 3.0, "1" means TLS 1.0, "2" means TLS 1.1 and "3" means "TLS 1.2". For example, to disable SSL 3.0, use "/TLS_VERSION_RANGE:1-3". Another example – to only allow TLS 1.2 – use "/TLS_VERSION_RANGE:3-3"

The /TLS_DISABLE_ECDSA parameter (available since version 9.1.10) just disables cipher suites with Ellipric Curve DSA server certificates, but not ephemeral elliptic curves keys. Thus, the perfect forward secrecy keeps working with this command-line parameter, but only RSA server certificates are used. The other command-line parameters.
@Maxim Can I ask you to do comment here? -
Модератор. Не являюсь сотрудником RitLabs (I'm not an employee of Ritlabs).
Pages: 1