OK, if anyone sees anything from this person: Ra (Freyja) (it/its)𒀭𒈹𒍠𒊩 (@[email protected]) regarding #ThriveMessenger he is just trying to find excuses to discredit me and my fellow devs' work. He is just a guy that thinks that he knows it all and thinks that we should go overboard with our local dev environment, AKA our own computers that we are git pulling and doing the coding on, not just the server the application is hosted on. Like dude, no one goes out of their way to do TLS shit on their home computers.
@alexchapman Uh... This is most definitely wrong. Lmfao. Yes, people do TLS on their dev computers. It's called having a dev certificate. It's self-signed, you should perhaps learn about what you're talking about before you criticise it.
@draeand But I don't open ports like a lot of others do, and this Freyja person was acting like not doing that is the worst thing, like literally, if I had ports open then yeah, but when editing code locally and then git pushing it's not needed.
@alexchapman So what? TLS is always something you should be testing locally. Especially if you're using a protocol which makes TLS a requirement. I know at least one protocol that requires TLS as a part of the protocol, it isn't an optional thing you can turn off.
@draeand Yeah, when you're running shit on a server, but if you're just running tests before pushing changes to the VPS and stuff then yeah, this guy was basically trying to discredit me all because my Windows machine, which doesn't have ports open, doesn't host any shit that is supposed to be on a VPS or other machine, doesn't have the SSL shit set up. I'm not the only one that doesn't go that far, a lot of people don't bother, because it's not a requirement to write code and run tests.
@alexchapman Do you have any evidence that so many people just don't do that? Because I would say that's very specific to what it is you're developing.
@draeand Well I wouldn't be surprised, because doing that on Windows means messing with extra stuff instead of developing.
@alexchapman Also, development velocity is not a metric you should use to judge how well you're doing, because the metric is so vaguely defined as to be useless to begin with.
@draeand Yeah well I've never known anyone to do that shit on their own machines, they just crack on and if something needs testing with SSL they set it up on their VPS and if they're not ready to push it out to the main application they set up a test version on a subdomain and have it as a fresh instance, database and all, that way only the dev, or devs, can get on to that version.
@alexchapman Aaaaaand that's how you get "well I accidentally found this test version which shouldn't have been exposed but was by accident" security vulnerabilities. TLS testing is good to simulate a production environment *without* going into full production. And generating the TLS cert can literally be done in PowerShell, something like this will do it just fine:
$cert = New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "Cert:\LocalMachine\My"
Seriously. Or the openssl CLI can do it. Please actually in future read about the things people complain to you about before going and acting like you fully understand the landscape. As it currently stands, you're making a bunch of confused statements which are logically incoherent. TLS for one doesn't require that you open ports. Ports have absolutely nothing to do with TLS whatsoever, in fact.
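What the "dev certificate plus local TLS" point above looks like in practice, as an added example in Go that is not code from this thread, from ThriveMessenger or from its developers: it generates a self-signed certificate for localhost/127.0.0.1 (the stdlib counterpart of the New-SelfSignedCertificate one-liner), serves it from a throwaway in-process HTTPS server bound to the loopback address only, so nothing is exposed, and shows that a client verifies it only when the dev cert is explicitly added to a private trust pool, which is the alternative to switching verification off. The hostnames, the 30-day lifetime and the handler text are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// newDevCert builds a self-signed certificate for the given hosts, the
// stdlib equivalent of `New-SelfSignedCertificate -DnsName "localhost"`.
// It returns the tls.Certificate for the server and the parsed leaf for clients.
func newDevCert(hosts []string) (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: hosts[0]},
		NotBefore:             time.Now().Add(-time.Hour),          // tolerate clock skew
		NotAfter:              time.Now().Add(30 * 24 * time.Hour), // assumed dev lifetime
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	// Hostnames belong in the SAN extension; modern clients ignore the CN.
	for _, h := range hosts {
		if ip := net.ParseIP(h); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, h)
		}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, leaf, nil
}

// startDevServer runs an in-process HTTPS server on 127.0.0.1 with the dev cert.
func startDevServer(cert tls.Certificate) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "secure=%t", r.TLS != nil)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	}
	srv.StartTLS()
	return srv
}

// fetchWithTrust verifies the server against the dev cert only: the client
// carries a private trust pool instead of disabling verification.
func fetchWithTrust(url string, devCert *x509.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(devCert)
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// fetchWithSystemRoots uses the OS trust store, which does not contain the
// dev cert, so the handshake is expected to fail with an x509 error.
func fetchWithSystemRoots(url string) error {
	resp, err := http.Get(url)
	if err == nil {
		resp.Body.Close()
	}
	return err
}

func main() {
	cert, leaf, err := newDevCert([]string{"localhost", "127.0.0.1"})
	if err != nil {
		panic(err)
	}
	srv := startDevServer(cert)
	defer srv.Close()
	body, err := fetchWithTrust(srv.URL, leaf)
	fmt.Printf("trusted client: body=%q err=%v\n", body, err)
	fmt.Printf("system-roots client: err=%v\n", fetchWithSystemRoots(srv.URL))
}
```

The second client is the check that matters: if a request with the default transport succeeds against a dev cert, something in the trust store is wrong. Keeping the cert's names in the SAN list also means the same test catches a client that would only pass via a hostname mismatch.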
@draeand Well, the security issue (Passwords in plaintext) got fixed days ago. This was set up to be a modern take on MSN/WLM, and things like XMPP or Signal protocol, or whatever E2EE we choose to use is coming once all the UI jank and any server side oddities get ironed out, which is gonna be in the next couple of days. So most likely that stuff is gonna be looked into next week.