This was recently added to the stdlib ssl APIs (in 3.8-dev, and also backported to the other -dev branches), so it should be a fairly straightforward matter of wrapping the new APIs: python/cpython#9460

One thing I'm not clear on is how you trigger the post-handshake auth cycle if you don't want to commit to writing something immediately. (e.g., because what you decide to write will depend on the success/failure of the authentication.) Maybe you call do_handshake again? (If so then we need to provide a way to call do_handshake a second time!) Or does failure kill the connection, so it doesn't matter?