I'd consider switching to L2TP+IPsec or EoIP+IPsec (for MikroTik on both sides); both use UDP and encryption and should perform the same or better in performance.
OpenVPN on UDP was requested years ago and won't come too soon on MikroTik, probably never.
SHA256 is supported on the mentioned protocols; not sure why OpenVPN would be more compelling, maybe only to open-source lovers.
Many VPN providers, including the largest, only support OpenVPN. Some support weaker protocols such as PPTP, but these are either discouraged or being discontinued. Some support stronger protocols such as WireGuard, even before their code or standards are finalized.
But the one thing common to all modern retail VPN providers is OpenVPN. Since OpenVPN without UDP is less like having one hand tied behind your back and more like having both legs cut off in terms of throughput and latency, this is why threads like this exist.
Of course, those considering site-to-site VPNs have many more options for protocols, and are in a position to follow the advice you suggested.
As for SHA256, that's only for HMAC auth, and SHA1 is still widely used. There is no rush there because the key lifetimes are so short, on average just an hour. Also, they can only be used to fake a packet, not break the entire channel's security. Such concerns, even for those worried about state actors, are so ridiculously unlikely (breaking a SHA-1 key in an hour AND using it) that they are not worth considering from the client side. It is just a security integrity issue for the VPN provider to keep up with the latest tech, i.e. SHA-2.