Requests to the server, including usernames, passwords, file paths, and file meta data, are always protected by AES encryption.
The -K command line option enables encryption of the data content being transferred. You can also enable content encryption with the Encrypt configuration variable.
When -K or Encrypt is enabled, file data, directory scans, and all other transaction contents are encrypted in addition to the request information. When content encryption is disabled, only the request information (usernames, passwords, paths, meta data, etc.) is encrypted.
Usernames and passwords are always encrypted.
Administrators wishing to ensure that content is always encrypted can do so using the server's RequireEncrypt option.
Using encryption will increase the CPU load of both the server and the client computers which may cause a reduction in performance. On modern CPUs, about one available CPU core is needed to support each gigabit per second of encrypted throughput.
For more general information about application security, see Tech Note 0016.