HTTPS

Server SSL certificate verification

To skip the host's SSL certificate verification, you can pass —verify=no(default is yes):

  1. $ http --verify=no https://example.org

Custom CA bundle

You can also use —verify=<CA_BUNDLE_PATH> to set a custom CA bundle path:

  1. $ http --verify=/ssl/custom_ca_bundle https://example.org

Client side SSL certificate

To use a client side certificate for the SSL communication, you can passthe path of the cert file with —cert:

  1. $ http --cert=client.pem https://example.org

If the private key is not contained in the cert file you may pass thepath of the key file with —cert-key:

  1. $ http --cert=client.crt --cert-key=client.key https://example.org

SSL version

Use the —ssl=<PROTOCOL> to specify the desired protocol version to use.This will default to SSL v2.3 which will negotiate the highest protocol that boththe server and your installation of OpenSSL support. The available protocolsare ssl2.3, ssl3, tls1, tls1.1, tls1.2, tls1.3. (The actuallyavailable set of protocols may vary depending on your OpenSSL installation.)

  1. # Specify the vulnerable SSL v3 protocol to talk to an outdated server:
  2. $ http --ssl=ssl3 https://vulnerable.example.org