This feature can be configured through Host & Service Parameters ➳ Access to agents ➳ Encryption. When Encryption for Agents is set to enforce or enable, two things will happen:
In case of enable it will also accept unencrypted output, in case of enforce it won't.
This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted.
All encryption happens with AES using 256 bit keys and CBC.
The new encryption feature is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.