Test guides

Disable SSL Verification

LoadForge, as part of its default behavior, ensures that SSL certificates are thoroughly checked during each request. This feature ensures the integrity and security of the communications between LoadForge and the target server. However, there may be situations where such stringent checks are not necessary or could be counterproductive.

When to Disable SSL Verification

There are specific use cases when it's beneficial to disable SSL verification, notably:

  • Staging Environments: When testing against a staging or pre-production environment.
  • Development Environments: Especially when using self-signed certificates or certificates that haven't been verified by a recognized Certificate Authority.

If you encounter one of the above scenarios, LoadForge offers a straightforward way to disable SSL verification for a particular test or across all requests in a test.

How to Disable SSL Verification

You can adjust the SSL verification in two ways:

  1. Per Request: You can disable the SSL verification for a specific request by appending the verify=False attribute to the request function.
  2. Globally: For all requests during a test, disable SSL verification in the on_start method by setting the verify_ssl attribute of the client to False.

Implications of Disabling SSL Verification

Disabling SSL verification during a load test doesn't mean the test is invalid or less meaningful. In fact:

  • The SSL handshake and negotiation still occurs, so the overhead of establishing an SSL connection is still part of the test.
  • The integrity of the test results remains intact. Disabling verification primarily helps when the focus of the test is not the certificate itself but the system's performance under load.

Remember, while it's perfectly acceptable to disable SSL verification during testing or development cycles, always ensure that production systems have valid and verified SSL certificates for security and trustworthiness.

Code Examples

Disable SSL Verification Globally

def on_start(self):
    self.client.verify = False

Disable SSL Verification for a Specific Request

def login_page(self):
    self.client.post("/api/login", json={"Password": "xxxxx"}, verify=False)

In summary, LoadForge provides flexibility in managing SSL verification based on the testing environment and objectives. Use the verify=False attribute as required to tailor your tests effectively.

Handling CSRF