curl - Is data encrypted when using the --insecure option?

security ssl curl https ssl-certificate
105,623

Solution 1

Yes, the transfered data is still sent encrypted. -k/--insecure will "only make" curl skip certificate validation, it will not turn off SSL all together.

More information regarding the matter is available under the following link:

Solution 2

It will be encrypted but insecure. If you trust the certificate you should add the certificate to your certificate store instead of connecting insecurely.

macOS: sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt

Ubuntu, Debian: sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt sudo update-ca-certificates

CentOS 6: yum install ca-certificates update-ca-trust force-enable cp foo.crt /etc/pki/ca-trust/source/anchors/ update-ca-trust extract

CentOs 5: cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt

Windows: certutil -addstore -f "ROOT" new-root-certificate.crt

Share:
105,623
randomuser
Author by

randomuser

Updated on June 04, 2020

Comments

  • randomuser
    randomuser almost 4 years

    I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option -k/--insecure which disables certificate validation.

    My question is that on using --insecure option, is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Wildcard SSL behaves inconsistently across browsers / OS's / computers
Passing .PEM and .KEY as string in Curl using PHP
cURL requires CURLOPT_SSL_VERIFYPEER=FALSE
curl SSL certificate error: verifcation failed
Some clients accept SSL cert; others reject it
Error while creating self-signed SSL certificate
Comodo SSL: ERR_CERT_AUTHORITY_INVALID on Chrome mobile and Opera mobile (Android)
OS X 10.11.6 El Capitan SSLRead() return error -9841
How can the SSL client validate the server's certificate?
Where is the location of Keystore file in JAVA?