diff -r ba1cc1a6de01 Lib/asyncio/selector_events.py
--- a/Lib/asyncio/selector_events.py	Mon Dec 02 20:59:28 2013 +0100
+++ b/Lib/asyncio/selector_events.py	Mon Dec 02 21:17:34 2013 +0100
@@ -583,7 +583,8 @@
                 # cadefault=True.
                 if hasattr(ssl, '_create_stdlib_context'):
                     sslcontext = ssl._create_stdlib_context(
-                        cert_reqs=ssl.CERT_REQUIRED)
+                        cert_reqs=ssl.CERT_REQUIRED,
+                        check_hostname=True)
                 else:
                     # Fallback for Python 3.3.
                     sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
@@ -639,17 +640,19 @@
         self._loop.remove_reader(self._sock_fd)
         self._loop.remove_writer(self._sock_fd)
 
-        # Verify hostname if requested.
         peercert = self._sock.getpeercert()
-        if (self._server_hostname and
-            self._sslcontext.verify_mode != ssl.CERT_NONE):
-            try:
-                ssl.match_hostname(peercert, self._server_hostname)
-            except Exception as exc:
-                self._sock.close()
-                if self._waiter is not None:
-                    self._waiter.set_exception(exc)
-                return
+        if not hasattr(self._sslcontext, "check_hostname"):
+            # Verify hostname if requested, Python 3.4+ uses check_hostname
+            # and checks the hostname in do_handshake()
+            if (self._server_hostname and
+                self._sslcontext.verify_mode != ssl.CERT_NONE):
+                try:
+                    ssl.match_hostname(peercert, self._server_hostname)
+                except Exception as exc:
+                    self._sock.close()
+                    if self._waiter is not None:
+                        self._waiter.set_exception(exc)
+                    return
 
         # Add extra info that becomes available after handshake.
         self._extra.update(peercert=peercert,
diff -r ba1cc1a6de01 Lib/http/client.py
--- a/Lib/http/client.py	Mon Dec 02 20:59:28 2013 +0100
+++ b/Lib/http/client.py	Mon Dec 02 21:17:34 2013 +0100
@@ -1204,13 +1204,13 @@
             server_hostname = self.host if ssl.HAS_SNI else None
             self.sock = self._context.wrap_socket(sock,
                                                   server_hostname=server_hostname)
-            try:
-                if self._check_hostname:
+            if not self._context.check_hostname and self._check_hostname:
+                try:
                     ssl.match_hostname(self.sock.getpeercert(), self.host)
-            except Exception:
-                self.sock.shutdown(socket.SHUT_RDWR)
-                self.sock.close()
-                raise
+                except Exception:
+                    self.sock.shutdown(socket.SHUT_RDWR)
+                    self.sock.close()
+                    raise
 
     __all__.append("HTTPSConnection")