Is the link automatically secure when connecting to a previously bonded device i.e when BLE_GAP_EVT_CONNECTED is published?
When devices are pairing/bonding, the peer manager publishes the PM_EVT_CONN_SEC_SUCCEEDED event. But if it is already bonded, does the application from central/peripheral side needs to do something to ensure the link is secure?