Test guides
Disable SSL Verification
LoadForge, as part of its default behavior, ensures that SSL certificates are thoroughly checked during each request. This feature ensures the integrity and security of the communications between LoadForge and the target server. However, there may be situations where such stringent checks are not necessary or could be counterproductive.
When to Disable SSL Verification
There are specific use cases when it's beneficial to disable SSL verification, notably:
- Staging Environments: When testing against a staging or pre-production environment.
- Development Environments: Especially when using self-signed certificates or certificates that haven't been verified by a recognized Certificate Authority.
If you encounter one of the above scenarios, LoadForge offers a straightforward way to disable SSL verification for a particular test or across all requests in a test.
How to Disable SSL Verification
You can adjust the SSL verification in two ways:
- Per Request: You can disable the SSL verification for a specific request by appending the
verify=Falseattribute to the request function. - Globally: For all requests during a test, disable SSL verification in the
on_startmethod by setting theverify_sslattribute of the client toFalse.
Implications of Disabling SSL Verification
Disabling SSL verification during a load test doesn't mean the test is invalid or less meaningful. In fact:
- The SSL handshake and negotiation still occurs, so the overhead of establishing an SSL connection is still part of the test.
- The integrity of the test results remains intact. Disabling verification primarily helps when the focus of the test is not the certificate itself but the system's performance under load.
Remember, while it's perfectly acceptable to disable SSL verification during testing or development cycles, always ensure that production systems have valid and verified SSL certificates for security and trustworthiness.
Code Examples
Disable SSL Verification Globally
def on_start(self):
self.client.verify = False
Disable SSL Verification for a Specific Request
def login_page(self):
self.client.post("/api/login", json={"Password": "xxxxx"}, verify=False)
In summary, LoadForge provides flexibility in managing SSL verification based on the testing environment and objectives. Use the verify=False attribute as required to tailor your tests effectively.