SSL clarification

So, I have a few machines running CentOS 5.5. I have a working Nagios configuration installed, monitoring some basic and non-basic checks, most over NRPE.

My boss asked me to make sure that the data is encrypted over SSL, and after doing some research, it looks to me like NRPE operates over SSL by default if both host & client have compatible version of openssl.

Can anyone verify that this is true? I have run “check_nrpe” manually and verified that the handshake occurs without the “-n” flag. If I add the flag, the handshake drops… Which leads me to believe it’s already running over SSL.

If this is true, where is the encryption info stored by default (keys, etc)?

Thanks,
– MrE