I'm pretty sure that I tested all options: SMB1 only, SMB2 only, and SMB1 and SMB2. Notice that these are the options the server advertises as available; the client has to select which one it wants.
For the tests I used 'smbclient -m NT1|SMB2' from a Linux machine. I only have access to a Vista machine; no 7/8/8.1/10 testing was done.
Nobody can tell if it is safe or not; I expressed my non-expert views on the RC6 thread. In short, SMB1 will not be world-wide disabled because there are too many embedded devices that rely on it (MS even released a patch to already unsupported MS versions), and most SMB1 issues are specific to the MS-Win SMB implementation, not necessarily to the samba implementation. See the newer Petya attack.
If by "recent Samba Issues" you mean CVE-2017-7494, the patch is applied.
You can try to debug your SMB1/SMB2 issue; the relevant directives are (test with 'server signing' disabled)
max protocol = SMB2
min protocol = SMB2
being commented or not.
- both commented means that only SMB1 (actually NT1) is advertised
- if only 'min protocol = SMB2' is uncommented, then only SMB2 is advertised
- if only 'max protocol = SMB2' is uncommented, both SMB1 and SMB2 are offered
As SMB might take some minutes to settle, and data is cached in both the server and the client, you can't be in a hurry to test changes.
It is easy to restart samba on the server without caching:
rcsmb stop # stop samba
rm -rf /var/cache/samba # remove cached info
rm -rf /var/log/samba # clean logs
rcsmb start # start samba
After clearing the cache and restarting samba, the log will show a lot of warnings regarding tdb files missing etc.; the final log entry will be similar to "waiting for connections". The log is rotated when it reaches 32KB.
Harmless
Regarding the https certificate, there has been a change, mainly because of Chrome requirements; creating a new certificate under System->Utilities generates less scary (if possible) messages under Chrome. Self-signed certificates as used by Alt-F always generate those kinds of messages (unknown certification authority or similar).
I tested that under Firefox using the Alt-F simulator and found that you have to remove the existing box certificate from Firefox in order for it to add an exception.
Regarding swat, I can't comment.
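
Added example (not part of the original post and not Alt-F code): a shell check that reads the [global] section of an smb.conf and reports which dialects the server advertises, following the three commented/uncommented cases listed in the post. The function names and the sample configuration are constructed for illustration; the result for both directives uncommented is an assumption, since the post does not list that case.

```shell
#!/bin/sh
# smb_dialects FILE -> prints SMB1, SMB2, SMB1+SMB2 or unhandled
smb_dialects() {
    awk '
    # smb.conf ignores case and whitespace in section and parameter names
    function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
    /^[ \t]*[#;]/ { next }                    # commented-out line, not in effect
    /^[ \t]*\[/   { sec = norm($0); next }    # track the current section
    sec == "[global]" && index($0, "=") {
        key = norm(substr($0, 1, index($0, "=") - 1))
        val = toupper(norm(substr($0, index($0, "=") + 1)))
        if (key == "minprotocol") min = val
        if (key == "maxprotocol") max = val
    }
    END {
        # Only the SMB2 values discussed in the post are interpreted
        if ((min != "" && min != "SMB2") || (max != "" && max != "SMB2"))
            print "unhandled"
        else if (min == "SMB2") print "SMB2"       # with max also set: assumption
        else if (max == "SMB2") print "SMB1+SMB2"
        else print "SMB1"                          # both commented: NT1 only
    }' "$1"
}

# smb1_advertised FILE -> exit status 0 if SMB1 (NT1) is still offered
smb1_advertised() {
    case "$(smb_dialects "$1")" in
        SMB1*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample: only "max protocol" is uncommented (third case in the post)
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
    server signing = disabled
    max protocol = SMB2
;   min protocol = SMB2
EOF
echo "advertised: $(smb_dialects "$conf")"
smb1_advertised "$conf" && echo "SMB1 (NT1) is still offered to clients"
rm -f "$conf"
```

The parser reflects only what is written in the file; confirm what the running server actually negotiates with 'smbclient -m NT1|SMB2' after the restart described in the post.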