cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: New to curl

From: Yingling, Todd <tyingling_at_wellspan.org>
Date: Thu, 20 Oct 2011 09:57:20 -0400

> Does curl encrypt the tunnel when it's used to transfer a message to a https

> site; even though, certificates are not being verified? Is the message

> secure?

curl speaks HTTPS then, so your question is really about how secure HTTPS

without using certificates?

First, HTTPS is HTTP over TLS (or SSL). TLS _always_ has a server certificate

involved that is presented by the server to the client.

The client MUST verify the server certificate against a CA cert bundle, to

know that you're in fact talking to the correct server. This verification can

be skipped, but then it makes the TLS connection insecure. But the connection

would still be encrypted and not possible to eavesdrop on.

Once the TLS connection has been negotiated, the data that goes over the

connection is as secure as you can get with this technology.

If the server also wants to be really sure that the client is who/what it

claims to be, then the server can insist on requiring a client certificate.

Did this answer the question?

Indeed, it does.

Thank you.

CONFIDENTIALITY NOTICE:

This email may contain confidential health information that is legally privileged. This information is intended for the use of the named recipient(s). The authorized recipient of this information is prohibited from disclosing this information to any party unless required to do so by law or regulation and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of this email is strictly prohibited. If you receive this e-mail message in error, please notify the sender immediately to arrange disposition of the information. .

______________________________________________________________________
This e-mail has been scanned by MCI Managed Email Content Service, using Skeptic(tm) technology powered by MessageLabs. For more information on MCI's Managed Email Content Service, visit http://www.mci.com.
______________________________________________________________________

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-10-20