Submitted by itefix on Thu, 14/11/2013 - 21:40
As described in a Nagios tracker post: "The SSL option of the NRPE plugin and server does not perform any kind of authentication. It has no certificates, only a DH key, which is generated at compile time. Compiling the packages with one’s own DH parameters doesn’t make it secure either. It's still anon-DH and you can connect to just any NRPE that you can reach."
The same tracker post contains a patch introducing full SSL capability to NRPE. We have made some minor improvements to adapt the patch to NRPE version 2.15 and to handle the SSL initiation phase more properly (see attachments below).
The outcome of this effort is now available as a separate Winrpe installer with full SSL capability. Enjoy!!
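
The difference between anon-DH and an authenticated cipher suite is visible in the `Au=` column of `openssl ciphers -v`. The following is an added example, not part of the NRPE patch or of this post: a small Python auditor that reads such a listing and reports which suites offer no peer authentication. The sample listing and the function names are constructed for illustration.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`
# (not captured from a real host).
SAMPLE = """\
ADH-AES256-SHA          SSLv3   Kx=DH   Au=None Enc=AES(256)  Mac=SHA1
ADH-AES128-SHA          SSLv3   Kx=DH   Au=None Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3   Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AECDH-AES128-SHA        SSLv3   Kx=ECDH Au=None Enc=AES(128)  Mac=SHA1
"""

FIELD = re.compile(r"(\w+)=(\S+)")  # matches Kx=DH, Au=None, Enc=AES(256), ...

def parse_suites(listing):
    """Return one dict per cipher line; lines without Kx=/Au= are skipped."""
    suites = []
    for line in listing.splitlines():
        parts = line.split()
        attrs = dict(FIELD.findall(line))
        if len(parts) < 3 or "Kx" not in attrs or "Au" not in attrs:
            continue
        suites.append({"name": parts[0], "protocol": parts[1],
                       "kx": attrs["Kx"], "au": attrs["Au"]})
    return suites

def unauthenticated(listing):
    """Names of suites whose authentication column is None (anonymous)."""
    return [s["name"] for s in parse_suites(listing)
            if s["au"].lower() == "none"]

def audit(listing):
    """Classify a cipher listing by how much anonymous key exchange it allows."""
    suites = parse_suites(listing)
    anon = unauthenticated(listing)
    if not suites:
        return "no-suites"
    if len(anon) == len(suites):
        return "anonymous-only"      # the situation the tracker post describes
    if anon:
        return "anonymous-allowed"   # a peer may still negotiate without a cert
    return "authenticated-only"

if __name__ == "__main__":
    print(audit(SAMPLE), unauthenticated(SAMPLE))
```

An `authenticated-only` result only means the suites carry a certificate; the peer still has to verify that certificate for the connection to be authenticated.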