Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
737 views
in Technique[技术] by (71.8m points)

security - curl - Is data encrypted when using the --insecure option?

I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option -k/--insecure which disables certificate validation.

My question is that on using --insecure option, is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Yes, the transfered data is still sent encrypted. -k/--insecure will "only make" curl skip certificate validation, it will not turn off SSL all together.

More information regarding the matter is available under the following link:


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...