aiohttp would love to be able to support HTTPS Proxy servers. To do this, asyncio itself needs to be able to provide TLS within TLS connections.

Can we add this support to asyncio please.

(I tried search but could not find a related issue - Please merge if there is)

Yeah, we have the SSL reimplementation ready to be backported from uvloop to cpython.  Fantix, the original author, should be able to do that soon.

@fantix - Is there anything I can do to help this progress. I'd be happy to potentially even do parts of the back porting if you're swamped. Would just need some guidance.

I need this as I'm looking to add auth to some internal HTTP(S) proxies I use and in order to allow aiohttp to be able to do client TLS auth, this is required.

Another bump since I've waiting over a year. Any plans for this? Will it make 3.10? Anything I can do?

Looks like https://github.com/python/cpython/pull/17975 was forgotten and was never committed to 3.9. So it's 3.10 now.

Best bet for you is to use uvloop which should support the feature.

Yury, only problem with that is aiohttp hard blocks HTTPS proxies period. The aiohttp issue says they won't fix this until asyncio supports it. Kinda understand that.

[cooper:~]$ ./aioclient.par
HTTPS proxies https://fwdproxy:8082 are not supported, ignoring
^CTraceback (most recent call last):
  File "<string>", line 37, in <module>
  File "<string>", line 35, in __run
  File "/usr/local/fbcode/platform007/lib/python3.7/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/local/fbcode/platform007/lib/python3.7/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/data/users/cooper/fbsource/fbcode/buck-out/dev/gen/ti/fwdproxy/client_samples/py/aioclient#link-tree/ti/fwdproxy/client_samples/py/aioclient.py", line 56, in <module>
    asyncio.run(run_example())
  File "/usr/local/fbcode/platform007/lib/python3.7/asyncio/runners.py", line 43, in run
    return loop.run_until_complete(main)
  File "uvloop/loop.pyx", line 1450, in uvloop.loop.Loop.run_until_complete
  File "uvloop/loop.pyx", line 1443, in uvloop.loop.Loop.run_until_complete
  File "uvloop/loop.pyx", line 1351, in uvloop.loop.Loop.run_forever
  File "uvloop/loop.pyx", line 519, in uvloop.loop.Loop._run
  File "uvloop/handles/poll.pyx", line 213, in uvloop.loop.__on_uvpoll_event
  File "uvloop/cbhandles.pyx", line 90, in uvloop.loop.Handle._run
  File "uvloop/cbhandles.pyx", line 73, in uvloop.loop.Handle._run
  File "uvloop/loop.pyx", line 359, in uvloop.loop.Loop._read_from_self
  File "uvloop/loop.pyx", line 364, in uvloop.loop.Loop._invoke_signals
  File "uvloop/loop.pyx", line 339, in uvloop.loop.Loop._ceval_process_signals
KeyboardInterrupt

Kept stack trace to prove I was using uvloop :)

> The aiohttp issue says they won't fix this until asyncio supports it. Kinda understand that.

I saw you opened an issue with aiohttp to allow this and they're open to it. I hope that will get some movement. It also would be a big test for uvloop's (and 3.10 asyncio) TLS implementation.

I'm looking through the PR https://github.com/python/cpython/pull/17975 and it doesn't look like it addresses this particular problem. The code for start_tls https://github.com/python/cpython/blob/d2a8e69c2c605fbaa3656a5f99aa8d295f74c80e/Lib/asyncio/base_events.py#L1210-L1212 has a check for the attribute '_start_tls_compatible' but _SSLProtocolTransport (https://github.com/python/cpython/blob/master/Lib/asyncio/sslproto.py) does not set this. The PR mentioned https://github.com/python/cpython/pull/17975 does not seem to touch any of this so I would assume the problem is still there?

I also installed 3.10.0a7 and this problem still persists when I call loop.start_tls with my SSL writer transport.

Thanks for the reminder.
You are correct, the mentioned PR should set _SSLProtocolTransport._start_tls_compatible to True

Fantastic thanks, I'll keep watching the issue in the background as it sounds like it's under control.

This has been fixed in the main branch since https://github.com/python/cpython/pull/31275, this can be closed now.