Hello,
Certificates are generated using a combination of configuration file & init.d script, as well as OpenSSL as the key generation tool (found at /usr/sbin/openssl). The default configuration file at /etc/config/uhttpd (the config cert defaults section options) as well as init.d script (for options, which are not defined in a configuration file) at /etc/init.d/uhttpd dictates what encryption/hashing algorithms will be used when certificates do not exist on the device yet. However, if certificates already exist on the device, the script will not attempt to generate new certificates.
If you'd like to generate your own certificates with new settings, you'll have to remove currently existing certificate via CLI (at /etc/uhttpd.crt and /etc/uhttpd.key) then edit the /etc/config/uhttpd configuration defaults to your desired options. Once done, make sure to reboot the uhttpd service with /etc/init.d/uhttpd restart command and new certificates should be generated.
Alternatively, you may choose to upgrade to the latest firmware version 7.02 (either using FOTA, RMS or manually, by downloading latest firmware from our wiki page for your device HERE and uploading it manually in order to upgrade your device) and then upload your own certificate & key to the router, via WebUI, at System > Administration > Access control by disabling the "Certificate files from device" option and uploading the required certificates.
Best regards,
Tomas.