Christian Heimes added the comment:

You are still ignoring my remarks about TLS SNI. :)

Python uses server_hostname for two different but related parts of TLS/SSL.

1) When server_hostname is set, the client sends the hostname to the server 
during the TLS handshake in the ClientHello message. [1] Without a TLS SNI 
extension your client may talk to the wrong service. TLS SNI is not limited to 
HTTPS, although HTTPS virtual hosting is the biggest user of SNI. You should 
only omit the argument if you directly connect to an IP address.

2) Python uses server_hostname to verify that the certificate matches the 
hostname. Hostname matching can be disabled with a custom SSLContext that has 
check hostname disabled.

[1] https://en.wikipedia.org/wiki/Server_Name_Indication

server_hostname='' should not bypass hostname verification. That's a bug.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27391>
_______________________________________