So looks like /ini=winscp.ini (https://winscp.net/forum/viewtopic.php?t=6924) solution won't work for me as I am disabling caching with /ini=nul. My expectation about CRL is similar to this https://winscp.net/forum/viewtopic.php?t=24120.
I have done some research and it seems that CRL checking is an application level responsibility, so this is why I suppose WinSCP is doing it and this behavior can't be altered via any server level setting. Some people talk about IE setting, but I can't see that impacting how WinSCP checks for CRL.
In my case, if I am able to disable CRL checking and keep using /ini=nul, that would be perfect, but as this might not be possible, is there any way to use /ini=winscp.ini and then disable directory caching and keep the certificate caching part?