cURL / Mailing Lists / curl-users / Single Mail


Re: curl security

From: Daniel Stenberg <>
Date: Fri, 9 Jun 2006 00:51:13 +0200 (CEST)

On Thu, 8 Jun 2006, Doug McNutt wrote:

> If you're using HTTPS a GET will still be easily recovered by a packet
> sniffer looking at headers. A POST will be encrypted along with the payload.

Sorry, but that's not true. There's no difference between a GET and a POST
when it comes to what is encrypted or not on a HTTPS connection. SSL/TLS is
done on the transfer layer.

That's also the reason why you can't use name-based virtual hosting on HTTPS
sites (until TLS 1.1 that is).

  Commercial curl and libcurl Technical Support:
Received on 2006-06-09