xref: /curl/docs/cmdline-opts/insecure.md (revision 62bfcb0c)
1---
2c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
3SPDX-License-Identifier: curl
4Long: insecure
5Short: k
6Help: Allow insecure server connections
7Protocols: TLS SFTP SCP
8Category: tls sftp scp ssh
9Added: 7.10
10Multi: boolean
11See-also:
12  - proxy-insecure
13  - cacert
14  - capath
15Example:
16  - --insecure $URL
17---
18
19# `--insecure`
20
21By default, every secure connection curl makes is verified to be secure before
22the transfer takes place. This option makes curl skip the verification step
23and proceed without checking.
24
25When this option is not used for protocols using TLS, curl verifies the
26server's TLS certificate before it continues: that the certificate contains
27the right name which matches the hostname used in the URL and that the
28certificate has been signed by a CA certificate present in the cert store. See
29this online resource for further details:
30**https://curl.se/docs/sslcerts.html**
31
32For SFTP and SCP, this option makes curl skip the *known_hosts* verification.
33*known_hosts* is a file normally stored in the user's home directory in the
34".ssh" subdirectory, which contains hostnames and their public keys.
35
36**WARNING**: using this option makes the transfer insecure.
37
38When curl uses secure protocols it trusts responses and allows for example
39HSTS and Alt-Svc information to be stored and used subsequently. Using
40--insecure can make curl trust and use such information from malicious
41servers.
42