Firstly, it's perfectly normal that hardware compression rate drops when
dealing with encrypted data. Compression ratio depends heavily on
entropy of input data and good encryption assures uniform distribution
of encrypted data so there's no point in compressing data _after_
encryption.
Secondly, in Bareos encryption is the property of a filedaemon so it's
applied to all the data from a configured client. Compression however is
defined on the FileSet resource level so you can mix compressed and
uncompressed files within one job. So it only makes sense to encrypt
data after the job is being initially pulled from the client.
You can of course look into the sources (Bareos is open-source after all
;-)) to confirm it but I think it should be reasonable enough.
Best regards,
MK