Merge pull request #161 from percona/pxc-4457

PXC-4457 Doc bug: default encrypt value incorrect

docs/xtrabackup-sst.md

@@ -95,24 +95,27 @@ for socat encryption based on OpenSSL.
 | Parameter      | Description        |
 | -------------- | ------------------ |
 | Values:        | 0, 4               |
-| Default:       | 4                  |
+| Default:       | 0                  |
 | Match:         | Yes                |
 
-Enables SST encryption mode in Percona XtraBackup:
-
-* Set `encrypt=0` to disable SST encryption.
+You can control whether Percona XtraBackup encrypts data during State Snapshot Transfer (SST) using the `encrypt` option in your configuration.
 
-* Set `encrypt=4` for SST encryption with SSL files generated by MySQL. This is the recommended value.
+* **Encryption Disabled (Default):**
+    * Set `encrypt=0` to disable encryption. This is the default setting.
+    * Data transferred during SST won't be encrypted.
+* **Encryption Enabled (Recommended):**
+    * Set `encrypt=4` to enable encryption. This is recommended for security.
+    * Percona XtraBackup will use key and certificate files generated with OpenSSL to encrypt the data during SST. 
 
-  Considering that you have all three necessary files:
+An example with the necessary files:
 
-  ```{.text .no-copy}
-  [sst]
-  encrypt=4
-  ssl-ca=ca.pem
-  ssl-cert=server-cert.pem
-  ssl-key=server-key.pem
-  ```
+```{.text .no-copy}
+[sst]
+encrypt=4
+ssl-ca=ca.pem
+ssl-cert=server-cert.pem
+ssl-key=server-key.pem
+```
 
 For more information, see [Encrypting PXC Traffic](encrypt-traffic.md#encrypt-traffic).