cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: curl security

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 9 Jun 2006 00:51:13 +0200 (CEST)

On Thu, 8 Jun 2006, Doug McNutt wrote:

> If you're using HTTPS a GET will still be easily recovered by a packet
> sniffer looking at headers. A POST will be encrypted along with the payload.

Sorry, but that's not true. There's no difference between a GET and a POST
when it comes to what is encrypted or not on a HTTPS connection. SSL/TLS is
done on the transfer layer.

That's also the reason why you can't use name-based virtual hosting on HTTPS
sites (until TLS 1.1 that is).

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html

Received on 2006-06-09

This message: [ Message body ]
Next message: Dave Pawson: "Error code interpretation"
Previous message: Dan Fandrich: "Re: curl security"
In reply to: Doug McNutt: "Re: curl security"
Next in thread: Dan Fandrich: "Re: curl security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]