> (my perspective is someone who uses Trio for concurrency uses and very much a networking noob!)
I'm ~a bit~ very confused about this issue. My understanding of TLS is that it has to be done upfront and you can't change mid-connection; for instance, the higher level protocol might tell you to reconnect.
I was wondering what exact API you were looking at in trio, if you have any reference for how things could be, and whether the protocol is simple enough that you could detect non-protocol data and assume TLS (I don't know CONNECT proxies, my only experience was SOCKS5 proxies years ago and I forgot everything :P). Sorry if this is annoying to answer!
To connect to DALnet on port 6697 you need to prefix the port number with a + sign. So /server irc.dal.net:+6697 will enable TLS encryption on mIRC and Adiirc atleast. Also you can turn a normal socket into an SSL socket using STARTTLS which changes to an encrypted data in mid-connection state. At any point in time a STARTTLS command maybe sent to a TCP/IP port that supports STARTTLS. POP3 uses a STLS command but I think everything else is the same. The connection needs to be to specific port numbers for TLS and STARTTLS. To use STARTTLS in mIRC and Adiirc apps prefix the port number with an asterisks so it looks like /server irc.dal.net:*6697 however I do not know of any IRC servers supporting STARTTLS yet so the above command with the asterisks will not work. I suppose because it maybe it would be less secure? I honestly cannot tell you why there are no STARTTLS support on IRC networks but the IRC clients supports STARTTLS connections.
Originally posted by @ghost in https://github.com/python-trio/trio/issues/2684#issuecomment-2014510071
To connect to DALnet on port 6697 you need to prefix the port number with a + sign. So /server irc.dal.net:+6697 will enable TLS encryption on mIRC and Adiirc atleast. Also you can turn a normal socket into an SSL socket using STARTTLS which changes to an encrypted data in mid-connection state. At any point in time a STARTTLS command maybe sent to a TCP/IP port that supports STARTTLS. POP3 uses a STLS command but I think everything else is the same. The connection needs to be to specific port numbers for TLS and STARTTLS. To use STARTTLS in mIRC and Adiirc apps prefix the port number with an asterisks so it looks like /server irc.dal.net:*6697 however I do not know of any IRC servers supporting STARTTLS yet so the above command with the asterisks will not work. I suppose because it maybe it would be less secure? I honestly cannot tell you why there are no STARTTLS support on IRC networks but the IRC clients supports STARTTLS connections.