AES content encryption may be enabled using the -K command line option.  You can also enable content encryption with the Encrypt configuration variable.

Metadata sent to the server, including usernames, passwords, and file paths, are always protected by AES encryption.

When -K or Encrypt is enabled, file data, directory listings, object handler data, and all other transaction contents are encrypted in addition to the request information.  When content encryption is disabled, only the metadata is encrypted.

Usernames and passwords are always encrypted.

Administrators wishing to ensure that content is always encrypted can do so using the server's RequireEncrypt option.

Using encryption increases the CPU load of both the server and the client computers which may limit performance at high speeds on CPU bound systems.  One or two available CPU cores are needed to support each gigabit per second of encrypted throughput.

For more information about application security, see Tech Note 0016.