i suppose you can tweak the default proposal template to have more secure encryption and hash algorithms.
the default is:
[me@cloudtik] /ip ipsec proposal> print
Flags: X - disabled, * - default
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-128-cbc lifetime=30m pfs-group=modp1024
i highly encourage the usage of proper DH groups for perfect forward secrecy. Group 14 (modp2048) is considered the minimum, and one shall rather be using elliptic curve ones (group19+).
with regards to hashing, i'll say SHA256 (or SHA512) for phase 1, and use aes256 at least.
with regards to the peer section, you don't seem to have many alternatives to manually configuring all your peers.
the defaults are as you said (aes128/3des and sha1) and i see no knob to control this. this is extremely unpleasant as phase1 is very important, if someone breaks into that, then you are screwed.
luckily we have modp2048 (group14) as default PFS setting here:
[me@cloudtik] /ip ipsec peer> export
# apr/15/2018 13:42:42 by RouterOS 6.41.4
# software id = KTQF-XXXX
#
#
#
/ip ipsec peer
add
[me@cloudtik] /ip ipsec peer> export verbose
# apr/15/2018 13:42:46 by RouterOS 6.41.4
# software id = KTQF-XXXX
#
#
#
/ip ipsec peer
add address=::/0 auth-method=pre-shared-key dh-group=modp2048,modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-128,3des exchange-mode=main generate-policy=no hash-algorithm=sha1 lifetime=1d nat-traversal=yes \
policy-template-group=default proposal-check=obey secret="" send-initial-contact=yes
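
An added example, not part of the original post: a small Python audit that reads RouterOS `print`/`export verbose` text and lists every offered algorithm below the thresholds named above (SHA256 or SHA512, AES-256, DH group 14 or higher). The sample text is constructed from the two outputs in the post, and treating group names that start with `ecp` as elliptic-curve groups is an assumption.

```python
import re

# Constructed sample: the proposal and peer lines from the post, prompts and comments removed.
SAMPLE = r'''/ip ipsec proposal
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-128-cbc lifetime=30m pfs-group=modp1024
/ip ipsec peer
add address=::/0 auth-method=pre-shared-key dh-group=modp2048,modp1024 enc-algorithm=aes-128,3des \
    hash-algorithm=sha1 lifetime=1d
'''

def hash_ok(value):
    return value in {"sha256", "sha512"}

def enc_ok(value):
    return value.startswith("aes-256")

def dh_ok(value):
    # modpN is acceptable from 2048 bits up; "ecp" prefix = elliptic curve (assumption).
    m = re.fullmatch(r"modp(\d+)", value)
    return int(m.group(1)) >= 2048 if m else value.startswith("ecp")

# Phase 2 (proposal) and phase 1 (peer) use different parameter names for the same idea.
CHECKS = {
    "auth-algorithms": hash_ok, "hash-algorithm": hash_ok,
    "enc-algorithms": enc_ok, "enc-algorithm": enc_ok,
    "pfs-group": dh_ok, "dh-group": dh_ok,
}

def audit(text):
    """Return (section, parameter, value) for every offered value below the thresholds."""
    findings, section = [], None
    text = re.sub(r"\\\r?\n\s*", "", text)  # join lines split with a trailing backslash
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):  # menu path such as "/ip ipsec peer"
            section = line
            continue
        for key, value in re.findall(r'([\w-]+)=("[^"]*"|\S*)', line):
            check = CHECKS.get(key)
            if check is None:
                continue
            # A comma-separated list means every listed value can be negotiated.
            for item in value.strip('"').split(","):
                if item and not check(item):
                    findings.append((section, key, item))
    return findings

if __name__ == "__main__":
    for section, key, item in audit(SAMPLE):
        print(f"{section}: {key} offers {item}")
```

Each value in a comma-separated list is checked on its own, so `dh-group=modp2048,modp1024` is still reported because the weaker group remains on offer.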