07-25-2017 04:10 AM
Hello,
How can you make Prime Infrastructure's SSH speak with NX5K switches using ctr in place of cbc mode in their ciphers?
Cisco Nexus 5672UP Switch, NXOS7.1, SSH v2 enabled
No matching ciphers found: Client (x.y.z.a)supported ciphers: 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc .Server supported ciphers :aes128-ctr,aes192-ctr,aes256-ctr - dcos_sshd[2751]
thx for hints in advance,
Steffen
07-30-2017 04:48 AM
Newer NX-OS has disabled the older cbc encryption types.
That can be reverted if you accept the less secure encryption.
The procedure is as described in this tech note:
http://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/200663-Unable-to-SSH-into-Nexus-9K-fatal.html
07-31-2017 04:34 AM
Thx for the NX-solution.
Is there also a solution to fix it on the Prime Infrastructure side?
07-31-2017 05:14 AM
There's no supported solution as far as I know from the PI side.
I'm not quite sure why PI isn't using the available ciphers. It may be worth a TAC case.
I checked what they are by going into the shell of PI and looking at the ssh config. It's RHEL under the covers (more or less) and, as you can see in the output below, the ssh client should be able to offer the ctr ciphers.
ade # pwd
/etc/ssh
ade # sudo cat ./sshd_config | grep Ciphers
# Ciphers and keying
Ciphers aes256-cbc,aes256-ctr,aes192-cbc,aes192-ctr,aes128-cbc,aes128-ctr,3des-cbc
ade #
I also checked what I connect as when just manually ssh-ing from the PI 3.2 cli. I see it as an aes-128 ctr session. Perhaps PI has some hard-coded bits telling it to use only ctr mode?
OPTIMUS/admin# ssh 10.12.254.254 mrhoads
The authenticity of host '10.12.254.254 (10.12.254.254)' can't be established.
RSA key fingerprint is SHA256:JH1Ri3/xJ0//q95/MDez5oK7y8V1JlRpsYFtA9YWL0U.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.12.254.254' (RSA) to the list of known hosts.
<banner removed>
password :
DIST-01#sh ip ssh
SSH Enabled - version 2.0
Authentication methods:publickey,keyboard-interactive,password
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
MAC Algorithms:hmac-sha1,hmac-sha1-96
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtLz777cCy7BQCrM0xgCmmygFxHBnSSO7BqgDHXf31
odu1DSPRVhM0iDk4kBk/HQGihH+xBiZ+76sxtkFo3muYnWuc+8Vw3jtvW5IiuMb8CGZE6vb0SnIEE1OM
8SzXrX479Ows8eYKCWVd4FUECKiQHTJv3YnUcLrJmlgVkqv0Gw==
DIST-01#sh ss
Connection Version Mode Encryption Hmac State Username
0 2.0 IN aes128-ctr hmac-sha1 Session started mrhoads
0 2.0 OUT aes128-ctr hmac-sha1 Session started mrhoads
%No SSHv1 server connections running.
DIST-01#
07-31-2017 05:31 AM
sshd_config is already configured by default (v3.2) to use the ctr and cbc ciphers. But this only concerns the SSH server on PI, and so only the SWIM call-back of XR systems.
But if you edit the SSH client configuration file ssh_config, you can add the missing ciphers. But this has no influence on PI. Maybe PI is using a Java lib for SSH client functionality in place of the system ssh client binary.
There is a TAC case opened already.
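To make the cipher mismatch in the dcos_sshd line above concrete, here is an added example (not code from the thread, from Cisco, or from Prime Infrastructure) that parses that log line and applies the SSH negotiation rule from RFC 4253 section 7.1: the chosen cipher is the first entry in the client's list that the server also offers. It evaluates the exchange as logged, the server-side workaround from the tech note (the server list after re-enabling CBC is an assumption modelled on the IOS 'sh ip ssh' output earlier in the thread, not real NX-OS 7.1 output), and two client-side changes to the Ciphers list.

```python
import re

# Log line copied from the thread (x.y.z.a is the poster's placeholder for the client IP).
LOG_LINE = (
    "No matching ciphers found: Client (x.y.z.a)supported ciphers: "
    "3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc .Server supported ciphers :"
    "aes128-ctr,aes192-ctr,aes256-ctr - dcos_sshd[2751]"
)

# ASSUMPTION: server cipher list after re-enabling CBC per the tech note. Modelled on
# the IOS 'sh ip ssh' output quoted in the thread; NX-OS may order its list differently.
SERVER_CBC_REENABLED = [
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-cbc", "3des-cbc", "aes192-cbc", "aes256-cbc",
]

# Matches the two comma-separated name-lists in the dcos_sshd message, tolerating the
# odd spacing ("(x.y.z.a)supported", " .Server", "ciphers :") seen in the original line.
_PATTERN = re.compile(
    r"Client \([^)]*\)\s*supported ciphers:\s*([\w@.,-]+?)\s*\.\s*"
    r"Server supported ciphers\s*:\s*([\w@.,-]+)"
)


def parse_no_matching_ciphers(line):
    """Return (client_ciphers, server_ciphers) as lists, in the order each side offered them."""
    m = _PATTERN.search(line)
    if m is None:
        raise ValueError("not a dcos_sshd 'No matching ciphers found' line")
    return m.group(1).split(","), m.group(2).split(",")


def negotiate(client, server):
    """RFC 4253 7.1: first name on the client's list that also appears on the server's list."""
    offered = set(server)
    for cipher in client:
        if cipher in offered:
            return cipher
    return None  # no common cipher: this is the failure the log line reports


def is_cbc(cipher):
    """True for CBC-mode ciphers (the ones newer NX-OS disables by default)."""
    return cipher is not None and cipher.endswith("-cbc")


def evaluate_fixes(line=LOG_LINE):
    """Negotiate the logged exchange and three candidate fixes; return {scenario: cipher}."""
    client, server = parse_no_matching_ciphers(line)
    return {
        # 1. The exchange exactly as logged: no overlap at all.
        "as_logged": negotiate(client, server),
        # 2. Tech-note workaround: switch re-enables CBC, client list unchanged.
        "server_reenables_cbc": negotiate(client, SERVER_CBC_REENABLED),
        # 3. Client appends one CTR cipher to the end of its list (hypothetical).
        "client_appends_ctr": negotiate(client + ["aes128-ctr"], server),
        # 4. Client puts CTR ciphers first (hypothetical, like a Ciphers line in ssh_config).
        "client_prefers_ctr": negotiate(
            ["aes256-ctr", "aes192-ctr", "aes128-ctr"] + client, server
        ),
    }


def report(results):
    """Render the scenario results with a verdict per negotiated cipher."""
    lines = []
    for name, chosen in results.items():
        if chosen is None:
            verdict = "FAIL (no common cipher)"
        elif is_cbc(chosen):
            verdict = f"{chosen} (CBC mode: weak, avoid)"
        else:
            verdict = f"{chosen} (CTR mode: ok)"
        lines.append(f"{name:22s} -> {verdict}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(evaluate_fixes()))
```

Note what the second scenario shows: because the client's list starts with 3des-cbc, re-enabling CBC on the switch does not just "allow AES-CBC", it makes this client negotiate 3DES-CBC. Adding any CTR cipher on the client side, even at the end of the list, negotiates CTR with no change on the switch at all, which is why the fix belongs on the PI side (with the caveat from the post above that editing the system ssh_config may not reach PI's own SSH client).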
07-31-2017 09:18 AM
OK - please let us know what the TAC comes up with.
07-31-2017 09:59 AM
I spoke with the one who administers the NX5K switches: the mentioned NX9K procedure shouldn't be applicable to NX5K switches...