- Change Request
- Resolution: Unresolved
- Major
- None
- 3.0.3
- None
- Agent on Windows 2008-2012 and Linux RHEL6, server Linux RHEL6
Dear team,
we are working with agent-server communication encryption
- two-way encryption works fine
- we would like to have one-way encryption (asymmetric), so only when the client initiates communication with the server (while keeping it unencrypted the other way around).
The problem we have with one-way encryption is that, even if only TLSConnect is equal to "cert", so encryption should be used only for agent outbound connections, the agent will not start without an agent certificate/key as well.
I.e. agent configuration file:
Hostname=XXXXXX
LogFile=D:\zabbix\Zabbix_agentd.log
DebugLevel=4
TLSConnect=cert
TLSAccept=unencrypted
TLSCAFile=D:\eon\zabbix\zabbix_ca_file
EnableRemoteCommands=1
LogRemoteCommands=1
Server=YYYY
ServerActive=YYYY
Include=D:\zabbix\zabbix_agentd.userparams.conf
The agent on Windows will not start.
The same happens with the Linux agent, but providing a clearer error:
Starting Zabbix agent: zabbix_agentd [16788]: ERROR: parameter "TLSConnect" value requires "TLSCertFile", but it is not defined
Is this expected, i.e. by design Zabbix is using not only encryption but also client authentication over TLS (so the server will ask the client, in this case the agent, to provide its certificate to authenticate it)? Otherwise, if this is not the intended design, can it be classified as an issue/bug?
Thanks in advance for your help
Cheers
Marco
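
The dependency named in the Linux agent's error message can be checked before a config is deployed. The following is an added example, not part of the original report and not Zabbix's own code; the function names, and the rule that "cert" also needs TLSKeyFile and TLSCAFile next to the TLSCertFile named in the error, are assumptions.

```python
# Added example: pre-flight check modelled on the startup error quoted in the
# report. The rule set below is an assumption, not taken from Zabbix source.
CERT_REQUIRES = ("TLSCAFile", "TLSCertFile", "TLSKeyFile")


def parse_conf(text):
    """Parse 'Key=Value' lines, skipping blanks and '#' comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params


def tls_errors(params):
    """Return one message per certificate parameter a 'cert' setting lacks."""
    connect = params.get("TLSConnect", "unencrypted")
    accept = {v.strip() for v in params.get("TLSAccept", "unencrypted").split(",")}
    checks = (("TLSConnect", connect == "cert"), ("TLSAccept", "cert" in accept))
    errors = []
    for name, uses_cert in checks:
        if not uses_cert:
            continue
        for required in CERT_REQUIRES:
            if not params.get(required):
                errors.append(
                    f'parameter "{name}" value requires "{required}", '
                    "but it is not defined"
                )
    return errors


# TLS-relevant lines of the agent configuration from the report (trimmed).
SAMPLE = r"""
Hostname=XXXXXX
TLSConnect=cert
TLSAccept=unencrypted
TLSCAFile=D:\eon\zabbix\zabbix_ca_file
Server=YYYY
ServerActive=YYYY
"""

if __name__ == "__main__":
    for message in tls_errors(parse_conf(SAMPLE)):
        print("ERROR:", message)
```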