From 24cb8c9ca414dcda009717c0872019e62fc4ef3a Mon Sep 17 00:00:00 2001
From: wavebyrd <160968744+wavebyrd@users.noreply.github.com>
Date: Mon, 16 Mar 2026 17:22:42 -0400
Subject: [PATCH] Skip TLS-in-TLS warning when proxy is not HTTPS (#12238)
---
 CHANGES/10683.bugfix.rst | 1 +
 aiohttp/connector.py | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 CHANGES/10683.bugfix.rst
diff --git a/CHANGES/10683.bugfix.rst b/CHANGES/10683.bugfix.rst
new file mode 100644
index 00000000000..9631cc5fa05
--- /dev/null
+++ b/CHANGES/10683.bugfix.rst
@@ -0,0 +1 @@
+Fixed misleading TLS-in-TLS warning being emitted when sending HTTPS requests through an HTTP proxy. The warning now only fires when the proxy itself uses HTTPS, which is the only case where TLS-in-TLS actually applies -- by :user:`wavebyrd`.
diff --git a/aiohttp/connector.py b/aiohttp/connector.py
index 7abe43dbe03..547f9719d39 100644
--- a/aiohttp/connector.py
+++ b/aiohttp/connector.py
@@ -1275,6 +1275,12 @@ def _warn_about_tls_in_tls(
 if req.url.scheme != "https":
 return

+ # TLS-in-TLS only applies when the proxy itself is HTTPS.
+ # When the proxy is HTTP, start_tls upgrades a plain TCP connection,
+ # which is standard TLS and works on all event loops and Python versions.
+ if req.proxy is None or req.proxy.scheme != "https":
+ return
+
 # Check if uvloop is being used, which supports TLS in TLS,
 # otherwise assume that asyncio's native transport is being used.
 if type(underlying_transport).__module__.startswith("uvloop"):
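Review bot: The new early return `if req.proxy is None or req.proxy.scheme != "https": return` ships without a test, so nothing pins either direction of the condition; the diffstat lists only the changelog fragment and aiohttp/connector.py. I would add two cases for `_warn_about_tls_in_tls`: an HTTPS request through an `http://` proxy emits no warning, and the same request through an `https://` proxy on a non-uvloop transport still reaches the existing warning path. The second case is the one that guards against a later edit to this check silencing a warning that is still warranted. The function starts above and continues below this hunk, so the warning branch itself is not visible here and the exact conditions under which it fires should be confirmed against the full body.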