As a security appliance facing the wilderness, it seems FTD could do a better job in providing a more secure HTTPS service for the RA VPN component. Things like bigger (or customizable) DH parameter size, a simple HTTP to HTTPS redirect, HSTS support or server initiated secure renegotiation, which are easily implemented in regular web servers (including Apache, which is what FTD's HTTP server is based off). Much more useful than, perhaps, spending time making a patch to make "OpenSSL" reports as "CiscoSSL"...

Or do I have ways to change these via regular FMC/FlexConfig settings?