Disabling SSL verification#

Using conda with SSL is strongly recommended, but it is possible to disable SSL and it may be necessary to disable SSL in certain cases.

Some corporate environments use proxy services that use Man-In-The-Middle (MITM) attacks to sniff encrypted traffic. These services can interfere with SSL connections such as those used by conda and pip to download packages from repositories such as PyPI.

If you encounter this interference, you should set up the proxy service's certificates so that the requests package used by conda can recognize and use the certificates.

For cases where this is not possible, conda-build versions 3.0.31 and higher have an option that disables SSL certificate verification and allows this traffic to continue.

conda skeleton pypi can disable SSL verification when pulling packages from a PyPI server over HTTPS.

Warning

This option causes your computer to download and execute arbitrary code over a connection that it cannot verify as secure. This is not recommended and should only be used if necessary. Use this option at your own risk.

To disable SSL verification when using conda skeleton pypi, set the SSL_NO_VERIFY environment variable to either 1 or True (case insensitive).

On *nix systems:

SSL_NO_VERIFY=1 conda skeleton pypi a_package

And on Windows systems:

set SSL_NO_VERIFY=1
conda skeleton pypi a_package
set SSL_NO_VERIFY=

We recommend that you unset this environment variable immediately after use. If it is not unset, some other tools may recognize it and incorrectly use unverified SSL connections.

Using this option will cause requests to emit warnings to STDERR about insecure settings. If you know that what you're doing is safe, or have been advised by your IT department that what you're doing is safe, you may ignore these warnings.

Disabling SSL verification via conda settings#

In addition to disabling SSL via environment variables, you can disable it by setting ssl_verify to false in your config files. To do so, run the following commands to disable and enable it:

conda config --set ssl_verify False
# Run conda commands with SSL disabled
conda config --set ssl_verify True