A1. SSL/TLS/HTTPS Ports are described https://comm.support.ca.com/kb/setting-up-ssl-communications-for-an-apm-cluster-and-components/kb000010477
For .Net agents on MOM/Collector 8444 – HTTP Communication for APM UI (HTTPS) - via em-jetty-config.xml
For Java Agents on MOM/Collector 5443 – Communication with Workstation/Webstart (SSL) and Agents (SSL)
A2. HTTPS is only supported SSL option for .Net agents. Java agents have more SSL communications mechanisms.
A3. SSL Channels in the EM properties file needs to be only to set up for the Java not .Net agents
A4. On the EM, APM support SHA2. SHA2 (or SHA-2) is just a name for several hashing algorithms which include SHA-224, SHA-256, SHA-384, SHA-512 and few more. With default JRE policy, only SHA-256 is supported. After installation of unlimited JCE (Java Cryptography Encryption) policy,, SHA-384 is then included and supported. APM 10.5 may have slight differences.
APM supports TLS from 1.0 through to 1.2 at least with APM 10.7.
Note: Rather than reviewing ciphersuites, it would be better to review the JRE version the server runs on.
This will cover what cipher suites are available at all. Then take a look at em\jre\lib\security\java.security file to document disabled weak algorithms.
APM ships with RSA certificate and keys so all the ciphers are RSA-based by default.