{
  my @encryptions = ();
  my $psk_file = ${'zabbix-agent'}{'TLSPSKFile'} || '/etc/zabbix/zabbix_agentd.psk';
  my $psk_id   = ${'zabbix-agent'}{'TLSPSKIdentity'} || $SystemName . '.' . $DomainName . '-agent';
  if (-s $psk_file){
    push @encryptions, 'psk';
    $OUT .=<<_EOF;
TLSPSKFile=$psk_file
TLSPSKIdentity=$psk_id
_EOF
  }

  my $cert = ${'zabbix-agent'}{'TLSCertFile'} || '/etc/zabbix/zabbix_agentd.crt';
  my $key  = ${'zabbix-agent'}{'TLSKeyFile'}  || '/etc/zabbix/zabbix_agentd.key';
  my $ca   = ${'zabbix-agent'}{'TLSCAFile'}   || '/etc/zabbix/zabbix_agentd.ca';
  if (-s $cert && -s $key && -s $ca){
    push @encryptions, 'cert';
    $OUT .=<<_EOF;
TLSCertFile=$cert
TLSKeyFile=$key
TLSCAFile=$ca
_EOF
    my $issuer  = ${'zabbix-agent'}{'TLSServerCertIssuer'} || '';
    my $subject = ${'zabbix-agent'}{'TLSServerCertSubject'} || '';
    $OUT .= "TLSServerCertIssuer=$issuer\n"   if ($issuer ne '');
    $OUT .= "TLSServerCertSubject=$subject\n" if ($subject ne '');
  }
  my $encryptions = (scalar @encryptions > 0) ? join(',', @encryptions) : '';
  $OUT .=<<_EOF if ($encryptions ne '');
TLSConnect=$encryptions
TLSAccept=$encryptions
_EOF
}