curl-users
Re: Reg : Securing data and control channels
From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 29 Aug 2009 22:10:58 +0200 (CEST)
On Fri, 28 Aug 2009, Deepesh Damodaran wrote:
Please don't top-post.
> curl_easy_setopt(curl, CURLOPT_FTP_SSL, (long)CURLFTPSSL_ALL);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
>
> Would it be possible for you to throw some light on the security on
> data/control channels of TCP connections?
It will use encrypted data and control connections, BUT without verifying the
server's certificate (the two CURLOPT_SSL_VERIFY* options) the security is
very weak since you won't be able to detect for example a man in the middle
attack.
-- 
 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-08-29