I use the setting ‘force SSL/TLS’ - both IMAP & SMTP. Does this setting force the usage of TSL if possible and then secondary SSL if TSL isn’t possible?

This setting is for SMTP only. If you use port 587 you can use Force usage of SSL/TLS. As far as I know it will force use, and if it is not available, it will not send. That means if the security layer is not there, it will not send your messages on an unsecured connection. But if the server is correctly configured, 587 will have SSL/TLS, so there will be no issues with using that security policy. The other SMTP port, 25, is very low security, and may not require SSL/TLS at all. Generally it is used when the mail server is provided by the Internet provider, so on the same network. If you use 25 , set the security policy to  Use SSL/TLS if available , otherwise it may never connect.

For IMAP port 993 , you need to use Use SSL/TLS on special port (legacy), or for port 143 it will be Use SSL/TLS if available. Port 143 is very low security so it may even ignore SSL/TLS, hence the setting.