What's wrong with "tls_insecure_skip_verify"?

In the documentation is says:

  • tls_insecure_skip_verify turns off security. Do not use in production.

Why is this? Is this really worse than connecting over http:// via reverse_proxy? What alternatives are there to connecting to an application/service that might be HTTPS-only?

Just curious to know more and understand.

Disabling security defeats the point of security. It’s only useful to test if the other endpoint is serving TLS at all.

This topic was automatically closed after 30 days. New replies are no longer allowed.