问题描述
我遇到客户端通过 curl 调用 https url 的情况.https url 的 SSL 证书是自签名的,因此 curl 无法进行证书验证并失败.curl 提供了一个选项 -k/--insecure 来禁用证书验证.
I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option -k/--insecure which disables certificate validation.
我的问题是,在使用 --insecure 选项时,在客户端和服务器之间完成的数据传输是否加密(对于 https url 应该是这样)?我了解由于未进行证书验证而带来的安全风险,但对于这个问题,我只关心数据传输是否加密.
My question is that on using --insecure option, is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.
推荐答案
是的,传输的数据仍然是加密发送的.-k/--insecure 将只使"curl 跳过证书验证,它不会一起关闭 SSL.
Yes, the transfered data is still sent encrypted. -k/--insecure will "only make" curl skip certificate validation, it will not turn off SSL all together.
有关此事的更多信息,请访问以下链接:
More information regarding the matter is available under the following link:
这篇关于curl - 使用 --insecure 选项时数据是否加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!