When I try to connect to remote host using command ssh -vv hostname

It hangs for a while, then closes connection. I can connect though if I specify following command:

ssh -c aes128-ctr hostname

The question is WHY I have to specify concrete cipher?

Bottom of the debug output in first case looks like:

debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr debug2: MACs ctos: hmac-sha1,hmac-ripemd160 debug2: MACs stoc: hmac-sha1,hmac-ripemd160 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha1 compression: none debug1: kex: curve25519-sha256 need=20 dh_need=20 debug1: kex: curve25519-sha256 need=20 dh_need=20 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY