Laravel: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, November 07, 2016

Follow me on Twitter as @mattiasgeniar

I just started working on a new Laravel project (it’s been a while), and this had me googling. For a second, I thought I had missing PHP extensions (like ‘mcrypt’) or other cryptographic configs I needed to tweak.

But sometimes a solution is so obvious, you miss it.

So I found myself hitting this error on a new Laravel project, without any configuration whatsoever. Just did the composer install and browsed to the app:

$ tail -f laravel.log
[2016-11-07 15:48:13] local.ERROR: exception 'RuntimeException' with message
  'The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct
   key lengths.' in htdocs/bootstrap/cache/compiled.php:13261

Stack trace:
#0 htdocs/bootstrap/cache/compiled.php(7739): Illuminate\Encryption\Encrypter->__construct('xxxx...', 'AES-256-CBC')
#1 htdocs/bootstrap/cache/compiled.php(1374): Illuminate\Encryption\EncryptionServiceProvider->Illuminate\Encryption\{closure}(Object(Illuminate\Foundation\Application), Array)
#2 htdocs/bootstrap/cache/compiled.php(1330): Illuminate\Container\Container->build(Object(Closure), Array)
#3 htdocs/bootstrap/cache/compiled.php(1908): Illuminate\Container\Container->make('encrypter', Array)
#4 htdocs/bootstrap/cache/compiled.php(1431): Illuminate\Foundation\Application->make('Illuminate\\Cont...')
#5 htdocs/bootstrap/cache/compiled.php(1408): Illuminate\Container\Container->resolveClass(Object(ReflectionParameter))
#6 htdocs/bootstrap/cache/compiled.php(1394): Illuminate\Container\Container->getDependencies(Array, Array)
#7 htdocs/bootstrap/cache/compiled.php(1330): Illuminate\Container\Container->build('App\\Http\\Middle...', Array)
#8 htdocs/bootstrap/cache/compiled.php(1908): Illuminate\Container\Container->make('App\\Http\\Middle...', Array)
#9 htdocs/bootstrap/cache/compiled.php(2426): Illuminate\Foundation\Application->make('App\\Http\\Middle...')
#10 htdocs/public/index.php(58): Illuminate\Foundation\Http\Kernel->terminate(Object(Illuminate\Http\Request), Object(Illuminate\Http\Response))
#11 {main}

Every time, the cause has been that my .env file had unsupported characters in the APP_KEY environment variable that caused that “The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths” error.

So as a reminder to my future self: alphanumeric characters, no spaces, no dashes, nothing fancy.

Aka:

$ cat .env
...
APP_KEY=l58ZVK24IpxHd4ms82U46tOxvdVK24IpxH

As soon as you include dashes or other “special” characters, things inevitably b0rk. And my default random-character-generator includes some dashes, obviously.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.