curl - Is data encrypted when using the --insecure option?
Solution 1
Yes, the transfered data is still sent encrypted. -k
/--insecure
will "only make" curl
skip certificate validation, it will not turn off SSL all together.
More information regarding the matter is available under the following link:
Solution 2
It will be encrypted but insecure. If you trust the certificate you should add the certificate to your certificate store instead of connecting insecurely.
macOS: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
Ubuntu, Debian: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt sudo update-ca-certificates
CentOS 6: yum install ca-certificates update-ca-trust force-enable cp foo.crt /etc/pki/ca-trust/source/anchors/ update-ca-trust extract
CentOs 5: cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt
Windows: certutil -addstore -f "ROOT" new-root-certificate.crt
randomuser
Updated on June 04, 2020Comments
-
randomuser almost 4 years
I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option
-k/--insecure
which disables certificate validation.My question is that on using
--insecure
option, is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.