Check_MK Werk 3114: linux and windows agent can now be configured to directly encrypt their output. For real-time updates encryption is now optional (but active per default)

ID: 3114 Title: linux and windows agent can now be configured to directly encrypt their output. For real-time updates encryption is now optional (but active per default) Component: Core & Setup Level: 2 Class: New Feature Version: 1.2.9i1 This feature can be configured through Host&Service Parameters -> Access to agents -> Encryption. When "Encryption for Agents" is set to "enforce" or "enable", two things will happen: a) Baked windows or linux agents will be configured to encrypt their output b) check_mk will be configured to try to decrypt output from agents. In case of "enable" it will also accept unencrypted output, in case of "enforce" it won't. This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted. All encryption happens with AES using 256bit keys and cbc. The above is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.