
curl - Is data encrypted when using the --insecure option?

I have a situation where the client makes a call through curl to an https URL. The SSL certificate of the https URL is self-signed, and therefore curl cannot do certificate validation and fails. curl provides an option, -k/--insecure, which disables certificate validation.

My question is: when using the --insecure option, is the data transfer between client and server encrypted (as it should be for https URLs)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.

randomuser asked Dec 15 '11 12:12




1 Answer

Yes, the transferred data is still sent encrypted. -k/--insecure will "only make" curl skip certificate validation, it will not turn off SSL altogether.

More information regarding the matter is available under the following link:

  • curl.haxx.se - Details on Server SSL Certificates
Filip Roséen - refp answered Sep 28 '22 10:09
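
A local check of the answer's claim, added here as an example and not part of the original answer: it starts a TLS-only test server with a throwaway self-signed certificate and compares curl with default validation, with -k, with the certificate trusted explicitly through --cacert (a step beyond what the answer covers), and over plain HTTP. The port 44330, the function names and the temporary paths are assumptions made for this demo; it needs curl and OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: constructed local lab, not code from the original answer.
# Assumes curl and OpenSSL 1.1.1+ are installed and local port 44330 is free.
PORT=44330                      # arbitrary port chosen for this demo
URL="https://localhost:$PORT/"
WORK=$(mktemp -d)

# Throwaway self-signed certificate for "localhost", generated for this demo only.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
  -addext "subjectAltName=DNS:localhost" \
  -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null

# TLS-only test server; -www answers any GET with an HTML status page.
openssl s_server -accept "$PORT" -www \
  -cert "$WORK/cert.pem" -key "$WORK/key.pem" >/dev/null 2>&1 &
SERVER_PID=$!
trap 'kill "$SERVER_PID" 2>/dev/null; rm -rf "$WORK"' EXIT

# Print the HTTP status curl obtained, or 000 when the transfer failed.
fetch() {
  curl -s --noproxy '*' --max-time 5 -o /dev/null -w '%{http_code}' "$@" || true
}

# Wait up to about 10 seconds for the server to accept connections.
n=0
until [ "$(fetch -k "$URL")" = 200 ] || [ "$n" -ge 10 ]; do
  n=$((n + 1)); sleep 1
done

status_default()   { fetch "$URL"; }                           # validation on, cert untrusted
status_insecure()  { fetch -k "$URL"; }                        # validation skipped, TLS still used
status_pinned()    { fetch --cacert "$WORK/cert.pem" "$URL"; } # validation on, cert trusted explicitly
status_plaintext() { fetch "http://localhost:$PORT/"; }        # no TLS: request is not served

# Protocol and cipher negotiated under -k (wording depends on curl's TLS backend).
tls_line() {
  curl -skv --noproxy '*' --max-time 5 -o /dev/null "$URL" 2>&1 |
    grep -i 'SSL connection using' || true
}

echo "default validation : $(status_default)"
echo "-k / --insecure    : $(status_insecure)"
echo "--cacert cert.pem  : $(status_pinned)"
echo "plain http://      : $(status_plaintext)"
echo "negotiated with -k : $(tls_line)"
```

Because the test server only speaks TLS, the 200 obtained with -k can only have come over an encrypted session, while the --cacert run gets the same result with validation left on.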