FYI, just hit an issue following the upgrade of the OS on some of our FortiGate boxes [due to the backdoor password discovery] where the SSH provided in NCM 7.3.x doesn't have an agreeable set of cipher protocols, which leads to a non-SSH connection:
Server (firewall) Algorithms
kex_algorithms length: 61
kex_algorithms string: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
server_host_key_algorithms length: 15
server_host_key_algorithms string: ssh-rsa,ssh-dss
encryption_algorithms_client_to_server length: 135
encryption_algorithms_client_to_server string: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
encryption_algorithms_server_to_client length: 135
encryption_algorithms_server_to_client string: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
mac_algorithms_client_to_server length: 85
mac_algorithms_client_to_server string: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
mac_algorithms_server_to_client length: 85
mac_algorithms_server_to_client string: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
compression_algorithms_client_to_server length: 9
compression_algorithms_client_to_server string: none,zlib
compression_algorithms_server_to_client length: 9
compression_algorithms_server_to_client string: none,zlib
languages_client_to_server length: 0
languages_client_to_server string: [Empty]
languages_server_to_client length: 0
languages_server_to_client string: [Empty]
KEX First Packet Follows: 0
Reserved: 00000000
Client Algorithms
kex_algorithms length: 111
kex_algorithms string: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
server_host_key_algorithms length: 75
server_host_key_algorithms string: ssh-rsa,ssh-dss,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
encryption_algorithms_client_to_server length: 175
encryption_algorithms_client_to_server string: aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc
encryption_algorithms_server_to_client length: 175
encryption_algorithms_server_to_client string: aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc
mac_algorithms_client_to_server length: 64
mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none
mac_algorithms_server_to_client length: 64
mac_algorithms_server_to_client string: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none
compression_algorithms_client_to_server length: 9
compression_algorithms_client_to_server string: none,none
compression_algorithms_server_to_client length: 9
compression_algorithms_server_to_client string: none,none
languages_client_to_server length: 0
languages_client_to_server string: [Empty]
languages_server_to_client length: 0
languages_server_to_client string: [Empty]
KEX First Packet Follows: 0
Reserved: 00000000
[The FortiGate simply drops the connection if it doesn't like the order or algorithms, which is somewhat less than helpful.]
Is there a way to control the order of the client algorithms used by the NCM client?
[note: support cases 928417 and 927532]
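
Added example, not part of the original post: RFC 4253 section 7.1 selects, for each category, the first name on the client's list that the server also lists, and this sketch applies that rule to the name-lists from the capture above. The function names are hypothetical, and the key-exchange choice is simplified (it ignores the RFC's extra host-key capability conditions).

```python
# Added example: name-lists copied from the capture in the post
# (client-to-server direction; the other direction is identical there).
CAPTURE = """\
Server (firewall) Algorithms
kex_algorithms string: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
server_host_key_algorithms string: ssh-rsa,ssh-dss
encryption_algorithms_client_to_server string: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
mac_algorithms_client_to_server string: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
compression_algorithms_client_to_server string: none,zlib
Client Algorithms
kex_algorithms string: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
server_host_key_algorithms string: ssh-rsa,ssh-dss,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
encryption_algorithms_client_to_server string: aes128-cbc,aes128-ctr,3des-cbc,blowfish-cbc,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se,cast128-cbc
mac_algorithms_client_to_server string: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,none
compression_algorithms_client_to_server string: none,none
"""

def parse_kexinit(text):
    """Return {'server': {field: [names]}, 'client': {...}} from the dump."""
    sides, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Algorithms"):            # section header line
            current = sides.setdefault(line.split()[0].lower(), {})
        elif " string: " in line and current is not None:
            field, value = line.split(" string: ", 1)
            current[field] = [] if value == "[Empty]" else value.split(",")
    return sides                                   # "length:" lines are skipped

def negotiate(client, server):
    """Per field: first name in the client's order that the server also lists."""
    chosen = {}
    for field, names in client.items():
        offered = set(server.get(field, []))
        chosen[field] = next((n for n in names if n in offered), None)
    return chosen

def report(text):
    """Return (chosen, failed); failed lists fields with no common name."""
    sides = parse_kexinit(text)
    chosen = negotiate(sides["client"], sides["server"])
    failed = [f for f, n in chosen.items() if n is None and sides["client"][f]]
    return chosen, failed

if __name__ == "__main__":
    chosen, failed = report(CAPTURE)
    for field, name in chosen.items():
        print(f"{field:45} {name}")
    print("no common algorithm in:", failed or "none")
```

Pasting a fresh capture of both KEXINIT messages into `CAPTURE` after a client or firmware change shows at once which category, if any, has no common name.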