I used to think this was a good way to test SSL, but it's a lot more work to bootstrap a developer and doesn't maintain good separation of concerns. SSL should belong in all your non-desktop/laptop boxes -- production, staging, test.<p>In test setup blocks:<p><pre><code> @request.env['HTTPS'] = 'on'
@request.env['SERVER_PORT'] = 443
</code></pre>
You can stub out TLS/SSL. Then, ensure your require SSL definition in your controller returns a HTTP 426 status if it's not over SSL.<p>Your tests expect a 200 response, not a 426 or 302. 302 is bad -- you've already submitted via plaintext once (I'm looking at you, ssl_requirement). Fail fast and fix your code.<p>SSL will be disabled for only localhost requests.<p><pre><code> def ssl_enabled?
!(request.local?)
end
</code></pre>
This has been tested on dozens of computers.