When to Disable SSL Verification
Disabling SSL verification can be helpful in the following cases:- Staging Environments: When testing against a pre-production system with a self-signed or unverified certificate.
- Development Environments: Local or internal services that lack a valid SSL certificate.
- Custom Testing Needs: If your focus is on performance and load testing, rather than SSL validation.
Tip: If SSL verification is causing test failures, but your production site has a valid certificate, consider keeping verification enabled in production while disabling it for development/staging tests.
How to Disable SSL Verification
You can disable SSL verification per request or globally for all requests.1. Disable SSL Verification for a Specific Request
To disable SSL verification for an individual request, passverify=False in the request:
2. Disable SSL Verification Globally
To disable SSL verification for all requests in a test, setself.client.verify = False in the on_start method:
Implications of Disabling SSL Verification
Disabling SSL verification does not disable encryption—your data is still transmitted over an SSL connection. However:- Man-in-the-middle attacks become easier, as SSL validation ensures the authenticity of the server.
- Some security-focused applications may reject requests with disabled SSL verification.
Warning: Do not disable SSL verification in production unless absolutely necessary.
Debugging SSL Issues
If you experience SSL-related failures in LoadForge, consider:- Checking the certificate chain: Run
curl -v https://your-site.comto see certificate details. - Ensuring your certificate is valid: Use a trusted Certificate Authority (CA).
- Verifying SSL settings in your application: Some APIs require specific TLS versions or cipher suites.
verify=False selectively, you can bypass SSL issues in test environments while keeping security best practices in production.