Index: /branches/rel_apv_10_7/usr/click/bin/backend/sys_cmd.c
===================================================================
--- /branches/rel_apv_10_7/usr/click/bin/backend/sys_cmd.c	(revision 38355)
+++ /branches/rel_apv_10_7/usr/click/bin/backend/sys_cmd.c	(working copy)
@@ -4708,7 +4708,7 @@
 	return 0;
 }
 
-#define SSH_SUPPORT_CIPHERS "aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
+#define SSH_SUPPORT_CIPHERS "aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com"
 
 int
 check_ssh_ciphers_legal(char* new_ciphers)
@@ -4962,7 +4962,7 @@
 	return 0;
 }
 
-#define DEFAULT_SSH_CIPHERS "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
+#define DEFAULT_SSH_CIPHERS "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com"
 
 int
 ui_ssh_ciphers(char* new_cipher)
Index: /branches/rel_apv_10_7/usr/click/bin/openssh/CVE-2023-48795-mitigation.patch
===================================================================
--- /branches/rel_apv_10_7/usr/click/bin/openssh/CVE-2023-48795-mitigation.patch	(nonexistent)
+++ /branches/rel_apv_10_7/usr/click/bin/openssh/CVE-2023-48795-mitigation.patch	(working copy)
@@ -0,0 +1,19 @@
+--- myproposal.h	2024-06-14 10:19:37.366799879 +0800
++++ myproposal_edit.h	2024-06-14 10:20:19.886789628 +0800
+@@ -57,16 +57,12 @@
+	"rsa-sha2-256"
+
+ #define	KEX_SERVER_ENCRYPT \
+-	"chacha20-poly1305@openssh.com," \
+	"aes128-ctr,aes192-ctr,aes256-ctr," \
+	"aes128-gcm@openssh.com,aes256-gcm@openssh.com"
+
+ #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
+
+ #define	KEX_SERVER_MAC \
+-	"umac-128-etm@openssh.com," \
+-	"hmac-sha2-256-etm@openssh.com," \
+-	"hmac-sha2-512-etm@openssh.com," \
+	"umac-128@openssh.com," \
+	"hmac-sha2-256," \
+	"hmac-sha2-512"
Index: /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh
===================================================================
--- /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh	(revision 38355)
+++ /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh	(working copy)
@@ -20,6 +20,7 @@
 else
 	patch -p1 < ../array_patch
 	patch -p0 < ../weak_mac.patch
+	patch -p0 < ../CVE-2023-48795-mitigation.patch
 	if [ $? -ne 0 ]
 	then
 		echo "array_patch failed!"
Index: /branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm
===================================================================
--- /branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm	(revision 38355)
+++ /branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm	(working copy)
@@ -30435,12 +30435,12 @@
 		function_name => "ui_ssh_ciphers",
 		function_args => [ {
 					type => "STRING",
-					help_string => "New ciphers, separated by commas. Supported ciphers are:aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm\@openssh.com,aes256-gcm\@openssh.com,chacha20-poly1305\@openssh.com",
+					help_string => "New ciphers, separated by commas. Supported ciphers are:aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm\@openssh.com,aes256-gcm\@openssh.com",
 					optional => "NO",
 				},],
 	},
 	{
- 		obj_type => "ITEM",
+		obj_type => "ITEM",
 		name => "kex",
 		menu => "root_ssh",
 		help_string  => "Configure supported SSH Key Exchange algorithms",