The names are super misleading. First, they're written in a way that's the opposite of how people think about these things (CLIENT_AUTH -> server socket; SERVER_AUTH -> client socket). Second, they're misleading, you can have TLS which is *mutually* authenticated. Third, CLIENT_AUTH is very frequently used for a server socket where the client isn't authenticated (at the TLS layer) at all!

A simple fix would be to add: Purpose.{CLIENT,SERVER}_SOCKET and alias the old names to those values.

For 3.7 I'm planning to move to protocols instead of purpose oids (PROTOCOL_TLS_CLIENT, PROTOCOL_TLS_SERVER).

Ah, so instead of PROTOCOL_SSLv23 using PROTOCOL_TLS_CLIENT and deprecating the Purpose bits entirely? That sounds good to me!

Yes, I'm planning a PEP to make the SSL module a bit more sane:

1) deprecate all protocols except for PROTOCOL_TLS_CLIENT / PROTOCOL_TLS_SERVER
2) deprecate purpose in favor of PROTOCOL_TLS_*
3) PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED, match_hostname=True

Sounds good to me!