"The bucket can use server-side encryption with KMS key management transparently. Other methods of server side encryption are not supported."
That is the full extent of how to use bucket encryption with S3 blobstores and what is supported. "Other methods" is vague. "KMS" can mean several different things.
There is no clear statement describing how to enable encryption on an existing bucket and also how to update S3 blobstores config already existing in NXRM.
Document exactly what to do to use the three encryption mechanisms ( SSE-C, SSE-S3, SSE-KMS ) described here for new blobstores or existing blobstores:
If something wasn't tested or supported, make clear note of what that is.