Comware


SSL Vulnerabilities

  • 1.  SSL Vulnerabilities

    Posted May 24, 2023 12:00 PM

    Hey folks!  
    InfoSec did a security scan and gave me a laundry list of things that need to be fixed.  A lot of it is simple "one click" things that aren't a big deal.  However, one is old SSL version related stuff.  Specifically that my 1950s will allow SSL v2 and v3.  I found this link on setting some stuff up via CLI https://community.hpe.com/t5/comware-based/hpe-switch-ssl-vulnerabilities/td-p/7127867 which is giving me the basics but I need a little bit more information.
    1. How do I know for sure what SSL/TLS versions my switch will accept?  I can't seem to find a "display" command that will show me what is (or isn't) enabled.  About the only thing I've found is the command where you either disable or enable it.  As I'm remote to where the switches are physically located, I'm a bit hesitant to just start disabling versions via "ssl version ssl3.0 disable" without knowing for sure what it is running.
    2. Is there any way to enable or disable the SSL/TLS versions via the web?  
    3. Does the switch support TLS 1.2?  I don't see it listed as an option to "disable" but I don't see it listed as an option to "enable" either.  
    4. I'm not sure which ciphersuites are compatible with which TLS versions.  I don't want to necessarily blindly follow the above URL.  The first post talks about not needing HTTP(S) connection and just disabling it completely, which I really don't want to do.  I do a majority of management on these switches via HTTPS.  However, in the config example they only disable SSL3 and TLS1.0.  In a later response they disable SSL3, TLS1.0 and TLS1.1.  As I'm unclear if the switch can do TLS 1.2 (see point 3) I don't want to do this either.
    I'm sure as you guys answer, I'll have more questions.  Largely my concern is making sure I don't accidentally kill my own access to the switch and being unable to access it remotely.
    Thanks in advance.



  • 2.  RE: SSL Vulnerabilities

    Posted May 24, 2023 04:56 PM

    I followed the instructions in the link that I provided and as soon as I would do the ip https ssl-server-policy <policyname> I could no longer get to the switch.  It didn't seem to matter what ciphersuites I had selected.  Any suggestions?




  • 3.  RE: SSL Vulnerabilities

    Posted May 25, 2023 11:46 AM

    I'm really at a loss here.  I've pulled out wireshark (you know it's gonna be a day when you're pulling out wireshark) and looked at the server hello packets when I don't have the ssl server policy enabled.  I can clearly see in the server hello packet that it's using cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.  I can clearly see in my server policy that I have ECDHE_RSA_AES_128_GCM_SHA256 as one of the enabled ciphersuites.  I've reset the web interface with undo ip https enable and then turned it back on with ip https enable and whenever I have the server-policy set and go to the https page I get "This site can't provide a secure connection, <ip> uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite."
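One way to answer question 1 from post 1 (which SSL/TLS versions the switch's HTTPS server actually accepts) and to see the ServerHello or alert that post 3 was reading in Wireshark, from a remote workstation before touching the `ssl version ... disable` commands: an added example, not code from the original thread or from HPE. It assumes the switch's HTTPS port is reachable, offers each record-layer version on its own with a handful of well-known suites, and covers SSLv3 through TLS 1.2 only (SSLv2 uses a different hello format, and the suite codes listed are assumed, from the IANA registry, not from the switch).

```python
import socket
import struct

# TLS record and handshake constants (RFC 5246)
RECORD_HANDSHAKE, RECORD_ALERT = 0x16, 0x15
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
VERSIONS = {"SSLv3": (3, 0), "TLS1.0": (3, 1), "TLS1.1": (3, 2), "TLS1.2": (3, 3)}
# Suite codes we offer and can name in a ServerHello (IANA names; assumed subset)
SUITES = {0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def build_client_hello(version, suites):
    """Minimal ClientHello offering only `version` and `suites`, no extensions."""
    body = bytes(version) + b"\x00" * 32 + b"\x00"      # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # one compression method: null
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + bytes(version) + struct.pack("!H", len(hs)) + hs

def parse_server_response(data):
    """Classify the first TLS record: ServerHello (negotiated version + suite) or Alert."""
    if len(data) < 5:
        return {"result": "no_tls_response"}
    rtype, rlen = data[0], struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + rlen]
    if rtype == RECORD_ALERT and len(payload) >= 2:
        # level 2 = fatal; description 70 = protocol_version, 40 = handshake_failure
        return {"result": "alert", "level": payload[0], "description": payload[1]}
    if rtype == RECORD_HANDSHAKE and len(payload) >= 41 and payload[0] == HS_SERVER_HELLO:
        ver = (payload[4], payload[5])                   # after 4-byte handshake header
        sid_len = payload[38]                            # 4 + 2 version + 32 random
        suite = struct.unpack("!H", payload[39 + sid_len:41 + sid_len])[0]
        return {"result": "server_hello", "version": ver,
                "suite": SUITES.get(suite, "0x%04X" % suite)}
    return {"result": "unexpected", "record_type": rtype}

def probe(host, port=443, timeout=5):
    """Offer each version alone; a ServerHello at that same version means it is accepted."""
    results = {}
    for name, ver in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(build_client_hello(ver, list(SUITES)))
                r = parse_server_response(s.recv(4096))
        except (OSError, socket.timeout):
            r = {"result": "no_tls_response"}
        r["accepted"] = r.get("result") == "server_hello" and r.get("version") == ver
        results[name] = r
    return results
```

A ServerHello carrying a lower version than the one offered, or an alert with description 70, means that version is not accepted; run `probe("<switch-ip>")` from the management workstation before and after each `ssl version` change to confirm the web interface still negotiates.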