diff --git a/lib/mcollective/security/choria.rb b/lib/mcollective/security/choria.rb
index 11dae8a..c2010b2 100644
--- a/lib/mcollective/security/choria.rb
+++ b/lib/mcollective/security/choria.rb
@@ -234,6 +234,8 @@ def decode_reply(secure_payload)
 # @return [Boolean]
 # @raise [SecurityValidationFailed] when the message cannot be decoded
 def validrequest?(secure_payload, request)
+ return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars
+
 callerid = request["envelope"]["callerid"]
 
 if verify_signature(secure_payload["message"], secure_payload["signature"], callerid, true)
@@ -439,6 +441,8 @@ def client_cache_mutex
 # @return [Boolean] true when the cert was cached, false when already cached
 # @raise [StandardError] when an invalid cert was received
 def cache_client_pubcert(envelope, pubcert)
+ return false if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars
+
 client_cache_mutex.synchronize do
 callerid = envelope["callerid"]
 certfile = public_certfile(callerid)
diff --git a/lib/mcollective/util/choria.rb b/lib/mcollective/util/choria.rb
index 26edd8a..48e6210 100644
--- a/lib/mcollective/util/choria.rb
+++ b/lib/mcollective/util/choria.rb
@@ -434,6 +434,8 @@ def parse_pubcert(pubcert, log=true)
 # @return [Boolean]
 # @raise [StandardError] on failure
 def check_ssl_setup(log=true)
+ return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars
+
 if Process.uid == 0 && PluginManager["security_plugin"].initiated_by == :client
 raise(UserError, "The Choria client cannot be run as root")
 end
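Review bot: The early return in `validrequest?` accepts every request without calling `verify_signature`, and it does so silently: nothing is logged and the `@return`/`@raise` doc above still describes a method that validates. Because `callerid` is read from the envelope supplied by the sender, anything downstream that authorizes or audits on it (presumably the case, not visible here) would be trusting an unauthenticated value while the flag is set. I would log on this path, e.g. `Log.warn("Protocol security is disabled, accepting request without signature verification")`, and add a doc line stating the bypass. The same global is tested in `cache_client_pubcert` and in `check_ssl_setup` in lib/mcollective/util/choria.rb; wrapping it in one predicate method would give a single place to log and audit, and where the global is assigned is not visible in this diff. The body of `validrequest?` continues outside the hunk.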
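Review bot: The `@return` doc above `cache_client_pubcert` says false means the cert was already cached, but the added guard also returns false when protocol security is disabled and nothing was cached or checked. A caller that reads false as "a cert for this callerid is already on disk" would be wrong on this path; whether any caller does so is not visible here. I would extend the doc to `# @return [Boolean] true when the cert was cached, false when already cached or when protocol security is disabled`. The method body continues past the end of the hunk.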
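Review bot: In `check_ssl_setup` the early return sits above the `Process.uid == 0` check, so with the flag set the "cannot be run as root" guard for clients is skipped as well, although that guard concerns process privilege rather than certificates. If that is not intended, move the added line `return true if $choria_unsafe_disable_protocol_security # rubocop:disable Style/GlobalVars` to just after the `end` of the `if Process.uid == 0 ...` block so only the SSL checks are bypassed. The rest of the method is outside the hunk, so which further checks the early return skips cannot be confirmed from here.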