Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

<@ULVA73B9P>
In Prefect 3.x, Does my environment variable "PREFECT_API_TLS_INSECURE_SKIP_VERIFY" work for b/w worker and server?
Not only normal HTTP over SSL/TLS but also WebSocketSecure.

The environment variable `PREFECT_API_TLS_INSECURE_SKIP_VERIFY` can be set to `True` to disable certificate verification, which applies to both regular HTTP over SSL/TLS and WebSocketSecure connections in Prefect 3.x. This setting is intended for scenarios where certificates are not part of your system bundle, particularly useful during testing. However, disabling certificate validation is insecure, and its use is only recommended for testing purposes.

No specific issues related to `PREFECT_API_TLS_INSECURE_SKIP_VERIFY` with WebSocketSecure were found in the Prefect's GitHub repository.

For more details, you can visit the Prefect 3.x documentation here: <https://docs-3.prefect.io/3.0/manage/self-host|Prefect 3.x Docs>.

<@ULVA73B9P>
Yes I've searched similar issues in the repo.
OK let me change my question.

Does PREFECT_API_TLS_INSECURE_SKIP_VERIFY work for connecting Web Socket Secure  from worker to server IF a server had self-signed certificate?

Yes, setting the `PREFECT_API_TLS_INSECURE_SKIP_VERIFY` environment variable to `True` will work for connecting via WebSocketSecure from a worker to a server, even if the server is using a self-signed certificate. This allows the system to bypass certificate verification, which is useful when dealing with self-signed certificates. However, as mentioned earlier, this approach is insecure and should primarily be used for testing purposes.

For additional information, you can refer to the Prefect 3.x documentation <https://docs-3.prefect.io/3.0/manage/self-host|here>.

<@ULVA73B9P>
Really? How did you say that?
Describe some codes on Github if the encironment variable work for Web Socket Secure!

It seems there might be an issue with the `PREFECT_API_TLS_INSECURE_SKIP_VERIFY` environment variable not working as expected with WebSocket connections when using a self-signed certificate. A specific issue on Prefect's GitHub (<https://github.com/PrefectHQ/prefect/issues/15551|issue #15551>) indicates that even with the environment variable set to `true`, users have encountered SSL certificate verification failures with WebSocket connections. This suggests a bug or limitation in how the environment variable is applied to WebSocketSecure connections.

Here's a code snippet related to this issue:
```python
import asyncio
from prefect.events.clients import PrefectEventsClient

async def main():
    async with PrefectEventsClient() as client:
        print(f"Connected to: {client._events_socket_url}")
        pong = await client._websocket.ping()
        pong_time = await pong
        print(f"Response received in: {pong_time}")

if __name__ == '__main__':
    asyncio.run(main())
```

The error encountered suggests that the self-signed certificates are still causing verification failures, indicating that `PREFECT_API_TLS_INSECURE_SKIP_VERIFY` might not be correctly bypassing verification for WebSocketSecure. 

You can follow the <https://github.com/PrefectHQ/prefect/issues/15551|issue on GitHub> for updates or potential workarounds. It'd be a good idea to keep an eye on Prefect's updates regarding this particular functionality.

<@ULVA73B9P>
Okay got it. I will follow the issue.
thanks.

You're welcome! If you have any more questions or need further assistance, feel free to ask. Good luck with your Prefect projects, and I hope the issue gets resolved soon!