problem with key lenght of aes-128 openvpn

Hello to all,
I set up a RouterBOARD with openvpn server, with user and password and others RouterBOARD “client” to connect using AES-128 encryption.
With a 9-digit session key ok, with one of 11 characters instead of the cpu the RouterBOARDs client goes to 100% and freezes everything, obviously not connecting;
aes-128 also with the session key should not be of maximum length 128 bit and then 16 characters?

It’s a bug? the firmware is 5.5

i see that in ovpn, user passwords with more than 10 characters long the cpu crash…and it caused
‘sup-output’ command to write file in memory flash; it seem a bug…