I like to use SSTP for a VPN over TCP, as it uses only one TCP port and it’s very easy to set up. Now I have one VPN of this kind running, but I don’t know how to change the ENCRYPTION algorithm. I like to use RC4 (aka Arcfour128) as it’s less CPU consuming than AES256 (the default). The documentation describes that Windows clients using SSTP connect to the Mikrotik server using RC4. So, I can assume that RC4 is supported. Then, how do I force RC4 between two Mikrotik routers?
So, I think this can be improved… AES uses much more CPU than RC4. Why not include the option for forcing RC4?
Perhaps the best solution is to provide the option for selecting a list of enabled algorithms, like: RC4->AES256->AES512.
I would recommend against anything meant to intentionally weaken encryption. RC4 is a deprecated protocol. All the major browsers and OSes have dropped support for it. If you’re concerned about AES eating up too much CPU, then use a stronger router. The cost is inconsequential compared to the cost of a security breach.