diff --git a/confluent_client/confluent/client.py b/confluent_client/confluent/client.py
index 647265ac..b35caf19 100644
--- a/confluent_client/confluent/client.py
+++ b/confluent_client/confluent/client.py
@@ -121,10 +121,10 @@ class Command(object):
 ssl_version=ssl.PROTOCOL_TLSv1)
 if knownhosts:
 certdata = self.connection.getpeercert(binary_form=True)
+ fingerprint = 'sha512$' + hashlib.sha512(certdata).hexdigest()
 hostid = '@'.join((port,server))
 khf = dbm.open(os.path.join(clientcfgdir, "knownhosts"), 'c', 384)
 if hostid in khf:
- fingerprint = 'sha512$' + hashlib.sha512(certdata).hexdigest()
 if fingerprint == khf[hostid]:
 return
 else:
diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index dce4ed90..55cdec44 100644
--- a/confluent_server/confluent/sockapi.py
+++ b/confluent_server/confluent/sockapi.py
@@ -194,14 +194,14 @@ def process_request(connection, request, cfm, authdata, authname, skipauth):
 
 
 def _tlshandler():
- plainsocket = socket.socket()
+ plainsocket = socket.socket(AF_INET6)
 plainsocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
 plainsocket.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
 srv = ssl.wrap_socket(plainsocket, keyfile="/etc/confluent/privkey.pem",
 certfile="/etc/confluent/srvcert.pem",
 ssl_version=ssl.PROTOCOL_TLSv1,
 server_side=True)
- srv.bind(('0.0.0.0', 13001))
+ srv.bind(('::', 13001, 0, 0))
 srv.listen(5)
 authname = None
 while (1): # TODO: exithook
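Review bot: The hoisted `fingerprint = 'sha512$' + hashlib.sha512(certdata).hexdigest()` line in client.py carries no comment explaining why it now runs before the `if hostid in khf:` lookup. Presumably the path for a host with no stored entry, which lies outside this hunk, needs the value too; a short comment such as `# computed up front: used by the stored-entry comparison and the first-contact path` would stop a later cleanup from moving it back inside the branch. Because this pin looks like the only server authentication on this code path, it is also worth confirming that `khf[hostid]` returns the same string type as `fingerprint`; on an interpreter where dbm hands back bytes, the `==` would never match and every known host would fall into the `else:` branch.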
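Review bot: `socket.socket(AF_INET6)` in `_tlshandler` uses a bare `AF_INET6`, while every other constant in the hunk is reached through the module (`socket.SOL_SOCKET`, `socket.IPPROTO_TCP`). Unless the file has a `from socket import AF_INET6` outside this hunk, the listener would die with a NameError at startup, so `plainsocket = socket.socket(socket.AF_INET6)` is the safer spelling. Binding `('::', 13001, 0, 0)` only accepts IPv4 clients where the platform leaves IPV6_V6ONLY off, so setting it explicitly before the bind with `plainsocket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)` keeps existing IPv4 clients connecting regardless of host defaults. The unchanged context still pins `ssl.PROTOCOL_TLSv1` on a listener bound to all interfaces, which deserves a follow-up; the function body continues past the end of the hunk.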