bun icon indicating copy to clipboard operation
bun copied to clipboard
verified publisher icon uptrace

enable SNI

Open conradludgate opened this issue 1 year ago • 2 comments

Adding the ServerName config allows TLS to include the ServerNameIdentification (SNI) extension. We use this at Neon to determine which database endpoint to connect to: https://neon.tech/docs/connect/connection-errors#the-endpoint-id-is-not-specified

I have tested that this works for sslmode=require, but I need to still confirm that this doesn't break the insecure modes from being insecure

conradludgate avatar Feb 01 '24 15:02 conradludgate

Hi @conradludgate, I currently face the same problem on neon too. however it works with sslmode=verify-full. does this have some impact? I am not sure, what the different is. but, at lease it works for now.

eu-erwin avatar Feb 17 '24 17:02 eu-erwin

sslmode=require does not verify that the certificate is valid, it only ensures that TLS is used. I would recommend verify-full of you can (neon supports this perfectly)

conradludgate avatar Feb 17 '24 17:02 conradludgate