security – curl – Is data encrypted when using the –insecure option?

security – curl – Is data encrypted when using the –insecure option?

Yes, the transfered data is still sent encrypted. -k/--insecure will only make curl skip certificate validation, it will not turn off SSL all together.

More information regarding the matter is available under the following link:

It will be encrypted but insecure. If you trust the certificate you should add the certificate to your certificate store instead of connecting insecurely.

macOS:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt

Ubuntu, Debian:
sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
sudo update-ca-certificates

CentOS 6:
yum install ca-certificates
update-ca-trust force-enable
cp foo.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

CentOs 5:
cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt

Windows:
certutil -addstore -f ROOT new-root-certificate.crt

security – curl – Is data encrypted when using the –insecure option?

Leave a Reply

Your email address will not be published.