Now, the error message "channel binding not supported by this build" would show up by either the backend or the frontend if X509_get_signature_nid() is not present in the version of OpenSSL your version of libpq (for the frontend) or your backend are linked to. This function has been added in OpenSSL 1.0.2, so it seems to me that you have an OpenSSL version mismatch between your client and the server. My guess is that the client uses OpenSSL 1.0.2, but the server is linked to OpenSSL 1.0.1 or older.
Michael,
Thank you very much; that is indeed the case. The database server is brand new, having built as an upgrade from PostgreSQL 8.2 (yes, I know, I know). ;-) It is running openssl 1.1.0 on Ubuntu 18.04. The application servers are running openssl 1.0.1 on Ubuntu 14.04. They will be migrated to Ubuntu 18.04 before they reach EOL in April, but that won't happen until after the database upgrade.
Knowing this is the issue is very helpful, and I'm not sure I would have figured it out on my own. I'll just hold off on the scram-sha-256 password conversion until we upgrade the application servers.
