curl-使用--insecure选项时是否对数据进行加密? [英] curl - Is data encrypted when using the --insecure option?
问题描述
我有一种情况,客户端通过curl呼叫https网址。 https URL的SSL证书是自签名的,因此curl无法进行证书验证并且失败。 curl提供了 -k /-insecure
选项,该选项禁用证书验证。
I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option -k/--insecure
which disables certificate validation.
我的问题是使用-不安全
选项时,是客户端和服务器之间进行的数据传输加密(因为应该用于https url)?我了解由于未进行证书验证而带来的安全风险,但是对于这个问题,我仅关注数据传输是否已加密。
My question is that on using --insecure
option, is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.
推荐答案
是的,传输的数据仍以加密方式发送。 -k
/ -不安全
将仅使 curl
跳过证书验证,它将不会一起关闭SSL。
Yes, the transfered data is still sent encrypted. -k
/--insecure
will "only make" curl
skip certificate validation, it will not turn off SSL all together.
有关此事的更多信息,请参见以下链接:
More information regarding the matter is available under the following link:
- < a href = http://curl.haxx.se/docs/sslcerts.html rel = noreferrer> curl.haxx.se-服务器SSL证书的详细信息
- curl.haxx.se - Details on Server SSL Certificates
这篇关于curl-使用--insecure选项时是否对数据进行加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!