curl / Mailing Lists / curl-users / Single Mail



From: Daniel Stenberg <>
Date: Wed, 23 Aug 2017 10:08:37 +0200 (CEST)

Hi friends,

On github alone, "curl --insecure" is used in source code at least 117,000
times. With a possible addition of about 196,000 instances where "curl -k" is

Some of these use cases are probably totally legit, especially when you get
things from localhost or similar, but many of them should probably rather make
the connection to the self-signed server secure by using a cacert for it.

Is there anything we can do to reduce the use of insecure SSL connections done
by curl in the world?

Would adding a warning help? Here's a PR doing that:

Received on 2017-08-23