The download command is non-ideal.
curl --tlsv1.3 --proto "=https" --output whonix-installer-xfce --url https://www.whonix.org/installer-dist
- Too long.
- The quotes for
"=https"
are required for zsh compatibility → related: Change default shell from bash to zsh by default? - #117 by Patrick -
--tlsv1.3
by itself is unfortunately insufficient to enforce TLS.--tlsv1.3
is useful to prevent TLS version downgrade attacks. But without--proto "=https"
the following command would work.
.
curl --tlsv1.3 --max-time 180 --output ~/test.txt http://httpforever.com/
It only fails as it should when using:
curl --tlsv1.3 --proto "=https" --max-time 180 --output ~/test.txt http://httpforever.com/
But I might be mistaken. Curl might enforce the correct protocol “https
” based on the url starting with “https://
” and disallow “http
”.