Index: /branches/rel_ag_9_4_5/ui/backend/sys_cmd.c
===================================================================
--- /branches/rel_ag_9_4_5/ui/backend/sys_cmd.c	(revision 20427)
+++ /branches/rel_ag_9_4_5/ui/backend/sys_cmd.c	(working copy)
@@ -2769,6 +2769,58 @@
 	return 0;
 }
 
+const char *supported_ciphers[] = {
+    "aes128-cbc",
+    "3des-cbc",
+    "blowfish-cbc",
+    "cast128-cbc",
+    "arcfour128",
+    "arcfour256",
+    "arcfour",
+    "aes192-cbc",
+    "aes256-cbc",
+    "aes128-ctr",
+    "aes192-ctr",
+    "aes256-ctr",
+    NULL
+};
+
+int is_valid_cipher(const char *cipher)
+{
+    int i;
+    for (i = 0; supported_ciphers[i] != NULL; i++) {
+        if (strcasecmp(cipher, supported_ciphers[i]) == 0) {
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int validate_ciphersuite(const char *ciphersuite)
+{
+    char tmp[1024];
+    char *token;
+
+    if (ciphersuite == NULL || ciphersuite[0] == '\0') {
+        return 1;
+    }
+
+    strncpy(tmp, ciphersuite, sizeof(tmp));
+    tmp[sizeof(tmp) - 1] = '\0';
+
+    token = strtok(tmp, ",");
+    while (token != NULL) {
+        while (*token == ' ') token++;
+        if (!is_valid_cipher(token)) {
+			ui_printf("cipher suite \"%s\" is not supported\n", token);
+            return 0;
+        }
+        token = strtok(NULL, ",");
+    }
+
+    return 1;
+}
+
 ca_errcode_t
 ui_ssh_ciphersuite(char *ciphersuite)
 {
@@ -2778,6 +2830,10 @@
 	char line[1024], cipher_line[1024];
 	int is_added = 0;
 
+	if (!validate_ciphersuite(ciphersuite)) {
+        return -1;
+    }
+
 	confp = fopen(SSHD_CFG_FILE, "r");
 	if (confp == NULL) {
 		ui_fail(ERR_INTERNAL, "Sshd is not installed\n");