Is a HTTPS connection secure without a valid SSL certificate?

Question

I use a HTTPS connection without a valid SSL certificate. Is the connection safe? Is the information encrypted?

Answer 1

The connection is encrypted even if the SSL certificate isn't valid (expired, snake-oil, untrusted CA, etc.). The SSL certificate validation just makes sure you're connecting to the folks you think you're connecting to. Encryption doesn't do you any good if the folks decrypting your data are crackers instead of PayPal.