I'm a little confused by your description of "TKIP+AES WPA2" - I didn't think such a thing existed, I thought TKIP was obsolete as of WPA2. Either way, don't use TKIP anymore. Do use AES, do use WPA2.
Yeah, some Wireless Routers has bizarre variety of choices.
Unfortunately marketing has more bearing on End-Users' Devices than real Technology and Security issues.
If New Wireless Router has No starlight configuration to pure WPA2, do not buy it.
If One has an older Router that does not have a pure configuration to Pure WPA+AES (WPA + AES is the WPA2 version in pre IEEE Standard devices) rid of it.
--------------
P.S. Many Routers have a WPA2 Personal or and WPA2 Enterprise.
Both are WPA2 secured. The Enterprise level has to be used when a Radius Server or similar Enterprise concoctions are involved.