By default, LoadForge verifies SSL certificates for all requests to ensure secure communication. However, in some scenarios, disabling SSL verification is useful, particularly in non-production environments.

When to Disable SSL Verification

Disabling SSL verification can be helpful in the following cases:

  • Staging Environments: When testing against a pre-production system with a self-signed or unverified certificate.
  • Development Environments: Local or internal services that lack a valid SSL certificate.
  • Custom Testing Needs: If your focus is on performance and load testing, rather than SSL validation.

Tip: If SSL verification is causing test failures, but your production site has a valid certificate, consider keeping verification enabled in production while disabling it for development/staging tests.

How to Disable SSL Verification

You can disable SSL verification per request or globally for all requests.

1. Disable SSL Verification for a Specific Request

To disable SSL verification for an individual request, pass verify=False in the request:

from locust import HttpUser, task

class QuickstartUser(HttpUser):
    @task
    def insecure_request(self):
        self.client.get("https://your-staging-site.com", verify=False)

2. Disable SSL Verification Globally

To disable SSL verification for all requests in a test, set self.client.verify = False in the on_start method:

class QuickstartUser(HttpUser):
    def on_start(self):
        self.client.verify = False

This approach ensures that every request made during the test ignores SSL verification.

Implications of Disabling SSL Verification

Disabling SSL verification does not disable encryption—your data is still transmitted over an SSL connection. However:

  • Man-in-the-middle attacks become easier, as SSL validation ensures the authenticity of the server.
  • Some security-focused applications may reject requests with disabled SSL verification.

Warning: Do not disable SSL verification in production unless absolutely necessary.

Debugging SSL Issues

If you experience SSL-related failures in LoadForge, consider:

  • Checking the certificate chain: Run curl -v https://your-site.com to see certificate details.
  • Ensuring your certificate is valid: Use a trusted Certificate Authority (CA).
  • Verifying SSL settings in your application: Some APIs require specific TLS versions or cipher suites.

By using verify=False selectively, you can bypass SSL issues in test environments while keeping security best practices in production.

Handling CSRF TokensLarge Scale Testing