ssl.wrap_socket is the currently recommended helper for adding SSL/TLS support when using the library. ssl.wrap_socket usage however has been deprecated since Python 3.2. Instead clients are encouraged to use an instance of ssl.SSLContext and its wrap_socketmethod .
Per https://ircv3.net/docs/sni.html, IRCv3 capable clients must use SNI when connecting via TLS. ssl.SSLContext.wrap_socket is able to perform SNI negotiation and server certificate validation when it is called with a server_hostname parameter, but will error out with "ValueError: check_hostname requires server_hostname" or similar when server_hostname is omitted. The workaround for this is to set check_hostname = False and verify_mode = ssl.CERT_NONE on the ssl.SSLContext instance, but this also violates the IRCv3 spec and introduces man-in-the-middle potential for the TLS secured connection.
ssl.wrap_socket
is the currently recommended helper for adding SSL/TLS support when using the library.ssl.wrap_socket
usage however has been deprecated since Python 3.2. Instead clients are encouraged to use an instance of ssl.SSLContext and itswrap_socket
method .Per https://ircv3.net/docs/sni.html, IRCv3 capable clients must use SNI when connecting via TLS.
ssl.SSLContext.wrap_socket
is able to perform SNI negotiation and server certificate validation when it is called with aserver_hostname
parameter, but will error out with "ValueError: check_hostname requires server_hostname" or similar when server_hostname is omitted. The workaround for this is to setcheck_hostname = False
andverify_mode = ssl.CERT_NONE
on thessl.SSLContext
instance, but this also violates the IRCv3 spec and introduces man-in-the-middle potential for the TLS secured connection.