The default encryption aes-128-ecb uses Electronic Codebook (ECB) mode, which is insecure and should never be used. Instead, add the following to your configuration file:
aes-128-ecb
block_encryption_mode = aes-256-cbc