mwiede / jsch

fork of the popular jsch library

Advice to securely connect to a 'special' remote host #523

Open mfernau opened 3 months ago

mfernau commented 3 months ago

First, please note that I'm not a crypto expert. I'm having trouble understanding the internals of SSH and the algorithms in use. However, I would like to understand it a bit deeper, which is the reason why I'm asking the following question.

Until version 0.1.57 of JSch I was able to successfully connect to the remote host in question. With newer versions I'm getting:

```
com.jcraft.jsch.JSchAlgoNegoFailException: Algorithm negotiation fail: algorithmName="cipher.c2s" jschProposal="aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" serverProposal="aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc"
    at com.jcraft.jsch.KeyExchange.guess(KeyExchange.java:157)
    at com.jcraft.jsch.Session.receive_kexinit(Session.java:614)
    at com.jcraft.jsch.Session.connect(Session.java:336)
    at tests.JSchTest.main(JSchTest.java:71)
```

If I modify my code to the following:

```java
JSch jsch = new JSch();
Session session = jsch.getSession("USER", "HOST");
session.setPassword("PASS");
session.setConfig("cipher.c2s", "aes256-cbc");
session.setConfig("cipher.s2c", "aes256-cbc");
[...]
```

I'm able to connect to the server again. As far as I understand I (re)enable aes256-cbc as an allowed protocol. Is this the "best" I can do to connect to this server? Can I consider that CBC in general is an insecure encryption mode and thus was disabled by default? I would like to inform the operator of this SSH Server which seems to host a "GoAnywhere" system which itself seems not to be an outdated product so maybe he/she should be able to enable a more "modern" encryption protocol.

Please find the full log of the failed connection: Jsch-0.2.17.log

norrisjeremy commented 3 months ago

Hi @mfernau,

If you simply search around on Google I'm sure you can find guidance as to how secure various crypto algorithms are these days. But to summarize: we strive to keep JSch's default algorithms mostly in line with algorithms that the OpenSSH project does. So if the algorithm isn't enabled by default in JSch, then there is likely a reason for that.

Thanks, Jeremy
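
An added example, not part of the thread or of the JSch project's code: it applies the SSH cipher selection rule (RFC 4253 section 7.1, the first name on the client's list that the server also offers) to the two proposals from the exception message in the first comment, and compares pinning aes256-cbc alone with appending it after the default list as a last resort. The class name, the helper methods and the upgraded server list are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

public class CipherFallbackDemo {
    // Both proposals are copied from the JSchAlgoNegoFailException message in the thread.
    static final String JSCH_DEFAULT =
        "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com";
    static final String SERVER_NOW =
        "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc";

    // RFC 4253 section 7.1: the chosen cipher is the first name on the
    // client's list that also appears on the server's list.
    static Optional<String> negotiate(String clientList, String serverList) {
        List<String> offered = Arrays.asList(serverList.split(","));
        return Arrays.stream(clientList.split(",")).filter(offered::contains).findFirst();
    }

    // Hypothetical helper: keep the existing preference order and append the
    // legacy cipher at the end, so it is only chosen when nothing earlier matches.
    static String withFallback(String proposal, String legacyCipher) {
        boolean present = Arrays.asList(proposal.split(",")).contains(legacyCipher);
        return present ? proposal : proposal + "," + legacyCipher;
    }

    public static void main(String[] args) {
        String pinned = "aes256-cbc";                            // what the post configures
        String fallback = withFallback(JSCH_DEFAULT, "aes256-cbc");

        // Constructed sample: the server list if the operator later enables a CTR cipher.
        String serverUpgraded = "aes256-ctr," + SERVER_NOW;

        System.out.println("defaults vs. current server:  " + negotiate(JSCH_DEFAULT, SERVER_NOW));
        System.out.println("pinned   vs. current server:  " + negotiate(pinned, SERVER_NOW));
        System.out.println("fallback vs. current server:  " + negotiate(fallback, SERVER_NOW));
        System.out.println("pinned   vs. upgraded server: " + negotiate(pinned, serverUpgraded));
        System.out.println("fallback vs. upgraded server: " + negotiate(fallback, serverUpgraded));

        // The fallback string would be applied per session, in both directions,
        // with the same call the post already uses:
        //   session.setConfig("cipher.c2s", fallback);
        //   session.setConfig("cipher.s2c", fallback);
    }
}
```

With the pinned value the session stays on CBC even after the server gains a CTR cipher, while the appended form moves to the stronger cipher without a client change.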