On Thu, 2021-02-25 at 17:00 +0100, Peter Eisentraut wrote:
> Just as additional data points, it has come to my attention that both
> the Go driver ("lib/pq") and the JDBC environment already send SNI
> automatically. (In the case of JDBC this is done by the Java system
> libraries, not the JDBC driver implementation.)

For the Go case it's only for sslmode=verify-full, and only because the Go standard library implementation does it for you automatically if you request the builtin server hostname validation. (I checked both lib/pq and its de facto replacement, jackc/pgx.) So it may not be something that was done on purpose by the driver implementation.

--Jacob
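
Added example (not part of the original message, and not code from lib/pq or pgx): an in-memory check of the crypto/tls behaviour described above, where setting ServerName for hostname validation is what puts the name into the ClientHello. `clientConfig` is a hypothetical, simplified mapping from sslmode to `tls.Config`, the host values are constructed, and the IP-literal case goes beyond the message to show that Go omits SNI for IP addresses.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
)

// clientConfig is a hypothetical, simplified model of a driver's sslmode
// handling: only verify-full asks crypto/tls to validate the hostname.
func clientConfig(sslmode, host string) *tls.Config {
	if sslmode == "verify-full" {
		return &tls.Config{ServerName: host}
	}
	return &tls.Config{InsecureSkipVerify: true}
}

// sniSent runs a client handshake over an in-memory pipe and returns the
// server_name the server saw in the ClientHello ("" means no SNI was sent).
func sniSent(cfg *tls.Config) string {
	cli, srv := net.Pipe()
	defer cli.Close()
	defer srv.Close()
	var seen string
	server := tls.Server(srv, &tls.Config{
		// Record the SNI value, then abort the handshake: no certificate
		// is needed because only the ClientHello is inspected here.
		GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
			seen = h.ServerName
			return nil, errors.New("stop after ClientHello")
		},
	})
	done := make(chan struct{})
	go func() {
		defer close(done)
		tls.Client(cli, cfg).Handshake() // fails by design
	}()
	server.Handshake() // returns once the callback has run
	srv.Close()
	<-done
	return seen
}

func main() {
	fmt.Printf("verify-full, name: %q\n", sniSent(clientConfig("verify-full", "db.example.com")))
	fmt.Printf("require,     name: %q\n", sniSent(clientConfig("require", "db.example.com")))
	fmt.Printf("verify-full, IP:   %q\n", sniSent(clientConfig("verify-full", "192.0.2.10")))
}
```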