Whonix Linux Installer - Development Discussion

The download command is non-ideal.

curl --tlsv1.3 --proto "=https" --output whonix-installer-xfce --url https://www.whonix.org/installer-dist

• Too long.
• The quotes for "=https" are required for zsh compatibility → related: Change default shell from bash to zsh by default? - #117 by Patrick
• --tlsv1.3 by itself is unfortunately insufficient to enforce TLS. --tlsv1.3 is useful to prevent TLS version downgrade attacks. But without --proto "=https" the following command would work.

.

curl --tlsv1.3 --max-time 180 --output ~/test.txt http://httpforever.com/

It only fails as it should when using:

curl --tlsv1.3 --proto "=https" --max-time 180 --output ~/test.txt http://httpforever.com/

But I might be mistaken. Curl might enforce the correct protocol “https” based on the url starting with “https://” and disallow “http”.

• Template:Curl Secure - Kicksecure
• Template:Curl Secure - Whonix