I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option -k/--insecure
which disables certificate validation.
My question is that on using --insecure
option, is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.
Yes, the transfered data is still sent encrypted. -k
/--insecure
will "only make" curl
skip certificate validation, it will not turn off SSL all together.
More information regarding the matter is available under the following link: