On 17.02.21 00:01, Jacob Champion wrote:
On Mon, 2021-02-15 at 15:09 +0100, Peter Eisentraut wrote:
The question I had was whether this should be an optional behavior, or
conversely a behavior that can be turned off, or whether it should just
be turned on all the time.
Personally I think there should be a toggle, so that any users for whom
hostnames are potentially sensitive don't have to make that information
available on the wire. Opt-in, to avoid having any new information
disclosure after a version upgrade?
Just as additional data points, it has come to my attention that both
the Go driver ("lib/pq") and the JDBC environment already send SNI
automatically. (In the case of JDBC this is done by the Java system
libraries, not the JDBC driver implementation.)
