Skip TLS-in-TLS warning when proxy is not HTTPS (aio-libs#12238)

wavebyrd · web-flow · commit 24cb8c9ca414 · 2026-03-16T21:22:42.000Z
diff --git a/CHANGES/10683.bugfix.rst b/CHANGES/10683.bugfix.rst
@@ -0,0 +1 @@
+Fixed misleading TLS-in-TLS warning being emitted when sending HTTPS requests through an HTTP proxy. The warning now only fires when the proxy itself uses HTTPS, which is the only case where TLS-in-TLS actually applies -- by :user:`wavebyrd`.
diff --git a/aiohttp/connector.py b/aiohttp/connector.py
@@ -1275,6 +1275,12 @@ def _warn_about_tls_in_tls(
         if req.url.scheme != "https":
             return
 
+        # TLS-in-TLS only applies when the proxy itself is HTTPS.
+        # When the proxy is HTTP, start_tls upgrades a plain TCP connection,
+        # which is standard TLS and works on all event loops and Python versions.
+        if req.proxy is None or req.proxy.scheme != "https":
+            return
+
         # Check if uvloop is being used, which supports TLS in TLS,
         # otherwise assume that asyncio's native transport is being used.
         if type(underlying_transport).__module__.startswith("uvloop"):

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Fixed misleading TLS-in-TLS warning being emitted when sending HTTPS requests through an HTTP proxy. The warning now only fires when the proxy itself uses HTTPS, which is the only case where TLS-in-TLS actually applies -- by :user:`wavebyrd`.