DEV Community

Scott Watermasysk
Scott Watermasysk

Posted on • Originally published at scottw.com on

SSL::VERIFY_NONE - NEVER!

I saw this little doozy as recommend code for (Ruby) API access:

http.verify_mode = OpenSSL::SSL::VERIFY_NONE

This effectively disables SSL checks and is not something anyone should be recommending….ever.

Discussion (0)