diff --git a/proxy/shadowsocks/config.go b/proxy/shadowsocks/config.go
index 8718cc0bb..c64317ed9 100644
--- a/proxy/shadowsocks/config.go
+++ b/proxy/shadowsocks/config.go
@@ -3,23 +3,25 @@ package shadowsocks
 import (
 	"crypto/cipher"
 	"crypto/md5"
+	"errors"
 
 	"v2ray.com/core/common/crypto"
 	"v2ray.com/core/common/protocol"
 )
 
-func (this *Account) GetCipher() Cipher {
+func (this *Account) GetCipher() (Cipher, error) {
 	switch this.CipherType {
 	case CipherType_AES_128_CFB:
-		return &AesCfb{KeyBytes: 16}
+		return &AesCfb{KeyBytes: 16}, nil
 	case CipherType_AES_256_CFB:
-		return &AesCfb{KeyBytes: 32}
+		return &AesCfb{KeyBytes: 32}, nil
 	case CipherType_CHACHA20:
-		return &ChaCha20{IVBytes: 8}
+		return &ChaCha20{IVBytes: 8}, nil
 	case CipherType_CHACHA20_IEFT:
-		return &ChaCha20{IVBytes: 12}
+		return &ChaCha20{IVBytes: 12}, nil
+	default:
+		return nil, errors.New("Unsupported cipher.")
 	}
-	panic("Failed to create Cipher. Should not happen.")
 }
 
 func (this *Account) Equals(another protocol.Account) bool {
@@ -33,8 +35,12 @@ func (this *Account) AsAccount() (protocol.Account, error) {
 	return this, nil
 }
 
-func (this *Account) GetCipherKey(size int) []byte {
-	return PasswordToCipherKey(this.Password, size)
+func (this *Account) GetCipherKey() []byte {
+	ct, err := this.GetCipher()
+	if err != nil {
+		return nil
+	}
+	return PasswordToCipherKey(this.Password, ct.KeySize())
 }
 
 type Cipher interface {
diff --git a/proxy/shadowsocks/config_json_test.go b/proxy/shadowsocks/config_json_test.go
index e8a8828fa..eca1debf9 100644
--- a/proxy/shadowsocks/config_json_test.go
+++ b/proxy/shadowsocks/config_json_test.go
@@ -17,12 +17,16 @@ func TestConfigParsing(t *testing.T) {
     "password": "v2ray-password"
   }`
 
-	config := new(Config)
+	config := new(ServerConfig)
 	err := json.Unmarshal([]byte(rawJson), config)
 	assert.Error(err).IsNil()
 
-	assert.Int(config.GetCipher().KeySize()).Equals(16)
-	account, err := config.User.GetTypedAccount(&Account{})
+	account := new(Account)
+	_, err = config.User.GetTypedAccount(account)
 	assert.Error(err).IsNil()
-	assert.Bytes(account.(*Account).GetCipherKey(config.GetCipher().KeySize())).Equals([]byte{160, 224, 26, 2, 22, 110, 9, 80, 65, 52, 80, 20, 38, 243, 224, 241})
+
+	cipher, err := account.GetCipher()
+	assert.Error(err).IsNil()
+	assert.Int(cipher.KeySize()).Equals(16)
+	assert.Bytes(account.GetCipherKey()).Equals([]byte{160, 224, 26, 2, 22, 110, 9, 80, 65, 52, 80, 20, 38, 243, 224, 241})
 }
diff --git a/proxy/shadowsocks/server.go b/proxy/shadowsocks/server.go
index c64f9710d..4f2c36ed9 100644
--- a/proxy/shadowsocks/server.go
+++ b/proxy/shadowsocks/server.go
@@ -41,12 +41,15 @@ func NewServer(config *ServerConfig, space app.Space, meta *proxy.InboundHandler
 	if _, err := config.GetUser().GetTypedAccount(account); err != nil {
 		return nil, err
 	}
-	cipher := account.GetCipher()
+	cipher, err := account.GetCipher()
+	if err != nil {
+		return nil, err
+	}
 	s := &Server{
 		config:    config,
 		meta:      meta,
 		cipher:    cipher,
-		cipherKey: account.GetCipherKey(cipher.KeySize()),
+		cipherKey: account.GetCipherKey(),
 	}
 
 	space.InitializeApplication(func() error {