What are the potential security implications of disabling http.sslVerify while using Git?

Question

There are multiple questions regarding how to disable http ssl verfication for git (check How do I set GIT_SSL_NO_VERIFY for specific repos only? and Unable to set the sslVerify to false).

However, I have not been able to find a comprehensive description of the potential security implications of disabling verification.

How risky is this behavior? Why?

Answer 1

If you disable TLS verification by using this option, you have no security. Any attacker who can intercept your communications can create a self-signed certificate with the same domain name, pretend to be the server in question, and snoop on and tamper with all your traffic; this is a classic man-in-the-middle attack. This is trivial for anyone who is on the same network as you or anyone who can announce a BGP feed. It is well known that packets can get routed elsewhere due to state actors or sometimes just mistakes.

Verifying TLS certificates against a set of trustworthy certificate authorities prevents this from happening because those certificate authorities will only issue certificates for a given domain name to someone who can prove that they control the domain in question. An attacker will not be able to acquire such a certificate since they cannot prove that control and hence any MITM attack would fail due to an invalid certificate.

The only time it is safe to disable TLS verification is if you're working with localhost on a trusted computer (e.g., your laptop), in which case an attacker would not be able to insert themselves. Otherwise, disabling TLS verification is equivalent to using no encryption at all, and permits almost anyone to inspect and tamper with your data at will without you noticing.