I presently use SSTP for site to site VPNs between router boards.
It would be fantastic if MikroTik would consider offering the following in the future:
Seasons regards to all! 
Thanks,
Nick
2years later, same situation. Mikrotik please update!!!
Screen Shot 2015-11-24 at 16.21.53.jpg
TLS 1.2 is already supported and PFS already can be enabled.
Currently only GCM is not possible but might be added in the future.
Indeed, TLS 1.2 is enabled, but have not find the option for PFS on the webservice for administering the router.
Also, if you look at HMAC, it is SHA1, and again, no option for SHA2
GCM is less of a problem, at least for me.
Best regards.
its only matter of time cuz CWC, OCB was future of ciphers, and even updated/re-worked EAX shows Notably improved scalability.
so far GCM is good for “transition” period and step-up from CCM.
“in general” legacy things, like XTS, CBC and some time after - CCM, perhaps - been phased-out/deprecated eventually.
https://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
so far both CWC and (to some degree)EAX variations - shows best scalability, performance/overhead, security among them, in my opinion.
but suporting some of them - painful. cuz some stuff is hard to backport and some wasn’t really trivial to older kernels At ALL 
Any update on the PFS/sha1 issue ? …
+1 This would be really helpful if ROS had AES-GCM support as theres a huge performance boot for all. That means lower hardware can achieve higher throughput which likely would be more cost effective.
Are there any plans for upgrading cipher suites?
I was using Windows 10 + Mikrotik SSTP VPN for years and now it is not possible to connect because they don’t have any cipher suite in common after some upgrade.
add the ability to select the encryption mode to the settings: aes-128 cbc, aes-256 cbc, blowfish, twofish, aes-128 ctr, aes-256 ctr, aes-128 gcm, aes-256 gcm and MPPE 128