cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: New to curl

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 20 Oct 2011 19:48:55 +0200 (CEST)

On Thu, 20 Oct 2011, Yang Tse wrote:

> Without server certificate verification the connection is insecure. <Full
> stop>
>
> Without server certificate verification the connection is encrypted and a
> MITM eavesdropping or modifying encrypted data is perfectly possible.

True that. Without certificate verification a MITM attack is not possible to
detect.

But once the connection is established (to a possible MITM attacker), the
connection isn't possible for anyone else to eavesdrop on! =)

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-10-20

This message: [ Message body ]
Next message: mushubi_at_sympatico.ca: "How to fetch pop3 mail using libcurl"
Previous message: Yang Tse: "Re: New to curl"
In reply to: Yang Tse: "Re: New to curl"
Next in thread: Yingling, Todd: "Re: New to curl"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]